last executing test programs:

2m30.435053557s ago: executing program 1 (id=507):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x1, 0x16b, 0x1, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @can={{0x2}, 0x8, 0x3, 0x0, 0x0, "ae771949a0cb35d4"}}, 0x48}}, 0x20000000)

2m29.793788054s ago: executing program 1 (id=510):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000240)={0x84, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0xb, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xca}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0x40025b0c, &(0x7f0000000040))

2m27.387458971s ago: executing program 1 (id=524):
r0 = io_uring_setup(0x560e, &(0x7f0000000a40)={0x0, 0xb589, 0x2, 0x0, 0x3bd})
r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
listen(r1, 0x3)
accept4(r1, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2m26.947928265s ago: executing program 1 (id=527):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x100015, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})

2m26.256660273s ago: executing program 1 (id=531):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000002d00091327bd70000000000006"], 0x20}}, 0x84)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000002d002100000000000000000004"], 0x1c}], 0x1}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0)

2m25.294149243s ago: executing program 1 (id=538):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000001580)={{{@in6=@private1, @in=@local, 0x0, 0x0, 0x4e22, 0x0, 0x2, 0x0, 0x20, 0x11}, {0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x10, 0x9}, {}, 0x6, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x4d2, 0x33}, 0x0, @in=@private=0xa010100, 0x3505, 0x0, 0x2, 0xb7, 0x2, 0xfffffff9, 0x1}}, 0xe8)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1c)

2m24.588465406s ago: executing program 32 (id=538):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000001580)={{{@in6=@private1, @in=@local, 0x0, 0x0, 0x4e22, 0x0, 0x2, 0x0, 0x20, 0x11}, {0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x10, 0x9}, {}, 0x6, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x4d2, 0x33}, 0x0, @in=@private=0xa010100, 0x3505, 0x0, 0x2, 0xb7, 0x2, 0xfffffff9, 0x1}}, 0xe8)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1c)

2m24.380622716s ago: executing program 0 (id=542):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_ASSOCIATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)={0x28, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000815}, 0x850)

2m21.554417135s ago: executing program 0 (id=554):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r1 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
r2 = fcntl$dupfd(r0, 0x406, r0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
readv(r1, &(0x7f0000000880)=[{&(0x7f0000000440)=""/219, 0xdb}, {&(0x7f00000030c0)=""/4096, 0x1000}], 0x2)

2m21.144318048s ago: executing program 0 (id=557):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="05000000050000000200000004"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r1}, 0x10)

2m20.880286387s ago: executing program 0 (id=558):
syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000580)='./file0\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x2, 0x222, &(0x7f0000000800)="$eJzsmL9rFEEUx78zu7feiog2KWwsDBjR7GX3UNIcGkGwEiHxV6WHWUPMJieXFUxANNjYaGchpLHwH7BIkcrCzn9A0EIFwcIrLGxsRmZndm9yc3HDcla+TzF8Z9+befPezbziQBDEf8vXL78+Pzs/PXcKwAGMY5/+/t0BGFOaG/6fXt4/+aJ1YfPNx9fvVg4+3B7cTy4RYueH+l/iuwDezjhIi0jF6t9SjOvJHHihr4DjhNbXwBBofQscV7WOwXBD67uG7kj/ILizmMTB7U4yL8WUHEI5RHJoDp6vt8Ewr+dCCMEM++ra+lI7SeKuIVxtG2KqJIpgS2NW/Wrw0JvhaBnnk1W8/vTJhpzntZky6heCI9RJNMEwq79PYzOvjSqJkf8Rt7+/Y+U/JFumLwNQlmRdidbPkRTLFIcnqy2fkOmcs02HUOUY2Lmqhr5JVnK0KVtXJxNu+V08q3/QCrEuDWYhHg1/AM99AP8oU1NUyiIXY73t97bpmxJ81/ssWHkItvf7U9/rmfOHWL1iPmReI/8tgA9bqn+IVwzHjf7kGv2jkS7fa6yurU8uLrcX4oV4JYqaZxjw+HTUyBqRGq2+1+/Pftaf9hv713bx9biHB+007YZq9JgHH2najbJ5ZDyb2a3Oj5t6WYqLAI6piWxpXrGjY8VgnvLhma9UE7YTQRAEQRAEQRAEQRAEQRBEJY6CZf+ClhBdzrz/BAAA//9oglvV")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000040)='./file0\x00')
open(&(0x7f0000000040)='./file2\x00', 0x141042, 0xc0)

2m19.928218831s ago: executing program 0 (id=562):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f00000010c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r1, 0x1, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x818}, 0x22000040)

2m15.233780325s ago: executing program 0 (id=580):
r0 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r1 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r1, &(0x7f0000000140)=@abs={0x1}, 0x6e)
listen(r1, 0x0)

2m14.090205746s ago: executing program 33 (id=580):
r0 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r1 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r1, &(0x7f0000000140)=@abs={0x1}, 0x6e)
listen(r1, 0x0)

1m52.398875758s ago: executing program 2 (id=675):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb02b, 0x0, 0x0, 0x403, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff2df3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffa6c7, 0x0, 0x3, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x80, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x1, 0x0, 0x7, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x195, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4], 0x1, 0x400})
ioctl$IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(r0, 0x7b0, &(0x7f0000000200)={@any, 0x8})

1m52.021664154s ago: executing program 2 (id=679):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000300)={@void, @void, @eth={@broadcast, @multicast, @val={@void, {0x8100, 0x7, 0x0, 0x2}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0xfc, 0x2f, 0x0, @private=0x1fe1, @multicast1}, {0x8000, 0x8100, 0xc, 0x0, @gue={{0x1, 0x0, 0x1, 0x9, 0x0, @void}}}}}}}}, 0x32)

1m51.290634469s ago: executing program 2 (id=683):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_IE={0xd, 0x2a, [@mesh_config={0x71, 0x7, {0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x4, 0x1, 0xb, 0x28}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x40880}, 0x0)

1m50.702774144s ago: executing program 2 (id=688):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000040)={[{@minixdf}, {@nobarrier}, {@barrier}]}, 0x67, 0x52b, &(0x7f0000000a00)="$eJzs3V9rLGcZAPBnNrvHk3NymlS90IK12krOQc9u0tg2eFEriF4V1HpfY7IJIZtsyG7ak1BMDn4AQUQFr/TGG8EPIEjBGy9FKOi1oqKInuqFF9qR2Z1Nc5L913aTTZPfDybzvjPvzPO8G2Z2ZmeYCeDKeiIiXoiIt9I0vRMR0/n0Qj7EYXvI2r354LXlbEgiTV/6RxJJPq2zriQf38wXux4RX/tyxDeT03Ebe/sbS7VadSevV5qb25XG3v7d9c2ltepadWthYf7ZxecWn1mcG0k/b0XE81/8y/e/89MvPf/Lz7z6x5f/dvtbWVpT+fzj/XiHiv1mtrtean0WxxfYeZfBLqJiq4e5yW4tJk5NuX/GOQEA0F12jP/BiPhkRNyJ6ZjofzgLAAAAvA+ln5+K/yYRaXfXekwHAAAA3kcKrXtgk0I5vxdgKgqFcrl9D++H40ahVm80P71a391aad8rOxOlwup6rTqX3ys8E6Ukq8+3ym/Xnz5RX4iIRyPie9OTrXp5uV5bGfePHwAAAHBF3Dxx/v/v6fb5f8fBOJMDAAAARmdm3AkAAAAAZ27Y8/8bZ5wHAAAAcHZc/wcAAIBL7SsvvpgNaef91yuv7O1u1F+5u1JtbJQ3d5fLy/Wd7fJavb7Wembf5qD11er17c/G1u69SrPaaFYae9djs7671Xx5/aFXYAMAAADn6NGPv/77JCIOPzfZGjLXhlt0yGbARVU8KiX5uMtm/YdH2uM/n1NSwLmYGHcCwNgUx50AMDalcScAjF0yYH7Pm3d+k48/Mdp8AACA0Zv9aO/r/4W+Sx72nw1ceDZiuLpc/4erq3X9f9g7eR0swKVSGnQE0HebPxhxNsA4vOfr/wOl6TtKCAAAGLmp1pAUysVOvVAolyNutV4LUEpW12vVuYh4JCJ+N136QFafb7VMBp4zAAAAAAAAAAAAAAAAAAAAAAAAAABtaZpECgAAAFxqEYW/Jr9qP8t/dvqpqZO/D1xL/jMd+StCX/3RSz+4t9Rs7sxn0/95NL35w3z60+P4BQMAAACuhAEv8H9Y5zy9cx4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKP05oPXljvDecb9+xciYqZb/GJcb42vRykibvwrieKx5ZKImBhB/Mnsz0e6xU+ytI5Cdos/OYL4h/f7xo/D/FPoFv/mCOLDVfZ6tv95odv2V4gnWuPu218x4qH6u9V7/xdH+7+JHtv/rSFjPPbGzys949+PeKx4Kv5BFqETP+kR/8kh43/j6/v7vealP46Y7fr9k3SaZHvIqDQ3tyuNvf2765tLa9W16tbCwvyzi88tPrM4V1ldr1Xzv11jfPdjv3irX/9v9Ig/M6D/T51a27WuMf73xr0HH2oXS93i336yS/xf/yRvcTp+If/u+1RezubPdsqH7fJxj//st4/36/9Kj/4P+v/f7rXSE+589dt/GrIpAHAOGnv7G0u1WnXn0hays/QhG2dHZxciZ4XzKRyMdIVpmqbZNvUe1pPERfhYWoVx75kAAIBRe/ugf9yZAAAAAAAAAAAAAAAAAAAAwNV1Ho8TOxnz8KiUjOIR2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/H/AAAA///s19ky")
r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
r1 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
write$binfmt_register(r1, &(0x7f0000000440)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x0, 0x3a, 'usrjquota=', 0x3a, '', 0x3a, './file2', 0x3a, [0x46]}, 0x32)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)

1m49.883929583s ago: executing program 2 (id=691):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY(0xffffffffffffffff, 0x5000940f, &(0x7f0000000080)={{}, "c34701817af46dc6c847d595042448c2efdf49066d624c84adb1479c6a8da4b84a16e81440dec6bec56f488292cc9f7857c379e9ce866819c726a1d3d66d89bd9941dad338368abe4e81b80b560f44dd077012bf6f0beee754267ebc6e3f27aa91f380805295655adae210e699f03dbabc43e63849e89dacff7c751f36e55f4dccf597661951199ee87b655cf9411c5699df2d23abdb018351d2985ca5874438fea2c947bdc8ec9f1a795e38f46acc244d741fa5c389bacb2153b90943f37db20836cf3781f4575473db9006f7906bdb2ee5747d2e645ea2b0440d287d728839ceb0bc754a017a6cf9c1d226a9789edbac0416a744073848764c15ea995d64c3ff71c311c14e7cd53c608d96de426075b45dad4f90b29d5bdacb9a575b84fcc1d80497defe60d8df081c06a719fbc4397ebbc30322e14718e1f57e7b19ce8ac84bc89bd69abb9409fca911ab6562a806219d97674774d6bfe06309c2545f0b7a3615182a6d04ad8a86901c303357aea50ee291d1869091816ae35f5cd29959c3e1b6d90e50c3afdb16ab107a21920318fc399f286d047819a09d28a2b967d760d7910b5ac7cbe7c59a66df4e7ca3176144a8da9b0a198c00dce530ea6d1d46d0c8e75f7a9c7804a4f49f41cad20311b76ebd3fa4635704f09f583d4924e9d70ce949d6523ff0cc40d876cd223a8c93f84de148ea2d8d9ed55fc341fc503bc3fa8216db667d79dc6d0c4102321ab2e6743569aa8cc586c7ef811d426d92da9ebbc68af5c89e740a9f2818a5a3026b2bd464579dfb1be8472a04df0939f92be8cb10581370495919876b3d5760066ee129319cbeed883c2d3ff441b09a22b7cb6b4d221e115cb43a9e07b5f80ee79d22fa5a7f1b868cb9895b3cce2d87bed710f8bbf6f7d2b04d4e56f0b366f2287112b1865b9fa895b9dc7601b77ee7e8aa509c59d60dd85ff8c3c79b58a87fb1fe44ded1e9517b66b6b33ceb18234d8da34da954c4282d306f7466e2eccccadbabd70314ae1fa862392404216abe77b03250dead062459f67cf5ec6b04b4378a403f70ec176d822e41731d1370d373a97fc5929a172905b31a2db84ebefb36671c60116ea1bc9ff03744fdc1c64b45269765efab05a02c811cdb3aca122439fefeb5cca03a08242dfd17bbe4354123158ba5f98520cce7fc955441ecd706b2b2980695cf2600577781a290d48028f0be6b31e19af4ad803c04116a9f81d88edd822c80c8fb72afc4fa0f156aa10d5493e45efafef15e1ae7659991784276468283118eb47ef91ab4f766304b6f2e80c1b33a5e7a22323a6329c2d8201363e44990b0713af03e554c35b7a42aa51bfddfbc797bf3ea13be7f144039cd084956a53c485b8be696afbdc2f1de4a42489f63356eb9b9edbd706b12143ab031e5e00ab34a4c184c2e915d6f96958a94a76e9e61a11702f771344d15060e84f3bf4f16c0e0093a74b2331f401a0a9e7fa86853aeed29f8ce1c5917f5dc399c03901e49384ed3adeaa90383850d7a93075b4822d50a9f15778d4714f93eef32b2587cb0a983f3dbce0bfa759a6bb3042ed456ee769388acab8d7dd054efafd2d6b342a3a5e0664a4581720603f49387e1ef6a697b3ef20abec31024ce9a382d104510c0beb9c2529bec7a022f8f9d70817c6f726b4e21e7c7ee4274cd7ed16ea2d035eea2dc6bfa3810ba779168b71ad0ad859b15fcfe9359029a0986d4bf5a23b4039a01b7d3fb0f70a078086f7c08fa8f082db534035283b847fd0c18e291b034701075e6f5145996522a488816f22f18cd8a5a50a32326248d8a213632ee3313586ce34072005372d7eb0052f227a8414df3646a35ce63a2e3a394a6fdf66a4984142ab101d718767f923bfafda35b7a40509a16fbdad1449f807871787f473ee6896246f7b682f9bb8888165260052501fb753b1d0a04d4bf14a253b97100643b724e87022a684a7db51551b0751e1cdad909948b6beb71028fe13ebea5ab1bed681e47de2d12e3f00e3b8a7e6e6e335a9b65b83ee31f82e91056707c7577332f0878001d48e71e66c4165d535296938ea11f847660a7b84cbf88fb0838f25f8b08c795c5f90508c694199b3f60677847e7f9fcb5c55a295805119ae7bf7e41118b3f44e9814b9e6c3e633d6451bf31f5234bd361174694fa7ced21a9295513625e3bcb8a94617b70c341c561d70930f314e65f335c1412f2eb2c3a1ffa70fee6893bc0f61b651360a59472f13f3e09acb982e46bef9488e291a776aa2f883b85f49ae72f470863a20e160efc0c26b5dd482a7948ee28b747d18e979b451f553cc2db7f7692bd38f4ff2facf1381a69b7ea60777fd046c16273924eeeb3053c661227dd417614eef5879c5bd1c601f43ec373bd5d56ba5af8ea4c2bbc30c6eae3041e59930def19f8847b0a75aa4acd22a59b01acc8d564efbab4c5302905d837348186cebbe11abf4fb31c82ea275cc80646ba9f84bd162d952e51c84fa5783805a0bc4f51b2d42c8795af0b693ceeb37cd9602bb0708e123abd35ab0722f51f98ffb7cd9927010b8be4a43b79d7daaf785a3a5fe396fc84f797001f848c0ccbf5cbba5a42cdb48afb5ba9421a89782c9cbe3e1279d4ac106cbe7704a173af1a219f77f8c585e7b22a19be68d94856c6df443e0a556c96edc34449fc2f207e22c0889c7a9b61ffa2482481be43876c48a02c114ed934a0dc88a62ca35b819f7de29c614f9746c5549e6d90f24a2e468d002923b712bab46f6df914db1805e87da1096a74e04f76e281009e8bc256c8e559403b6398e1ae2e9ad7347c760e8640702c9d2b1513531a040c653a4e45dfb140c80cf2b92de3a9a08e71c22e0515c5e64e24e7b267ae24681fadc0378300139ebedf9f6ed49be483f81125829d6cf62b7df7a912cfd65328971187419bb1963f1c7618755274c09487eddc2dd862e3760d203364ec5d919e92d76187fdd3f4c5f2817fb56c25b99c954268c05b9a046be0a7c05e1740eb74aa23c9c4d369d366f4008f3f598063a04cc2e7beedabb401abced26cd0dd592f88a62106601493081fbcf98ead54ebce82437b2e416ef68461222cb3ed944670fa976ce2642d5800c60750e4202856fc1417bf7a86b43a28e7586bbf765cc2867bf52101cee231a71b51599c98974771189ce4ab18928ac1d9b6cd20d0d5ae5d47c96c97dfc670a0e8ab6d72d675c6ac53fb19408aabf2d91d098306a8226b45fc5f38c42344d839a4ab7ba10c5f987193dcde8621670532f751ec8f88cc205f8d6ebc6f4fbf11922d29c07e77be9107eec73a8d1ad2e517c5eb32fa8f11c373b00ad7048aa0692931ada4f17a19f3c0f05b2607ff35d8948141d2318999ad4f4ba1aba5ae0f17ddcc0b5731ec2a7ba9a9562aebb9f201d31dc29ab740640b4844873cbe999c230f3b0ab2696955d4f130a82aad132c0a5fc27affc74338504777c55e04a76e0ab4c3739c0160fd0104e8fe39df917f4ff878bfccd6cbd35370ba7df108d04c947f66f2add756631f07cf78244280f1a2ba4495ecbb9c3adf6bf2d6df6c186033b7d2279002c1ac5d548aea24ee365da90c013843b4382b13343c4545478718ac1cfdd41c3dbb1790645ad7783daca0e5e1a3188ccb18efe099101f9e344e07c0456e5beace3db667f8940ae4caf6902f3e30583ed3d291c39d6d2816806dcb13ad24b7a45fde38b252e57238dd195087b74e18600c9f9e82126db092a90813d4967421afa7cd6e1ca56071234911a53b94d5751d2708405212ba3098c59c4f311e493637ed2b01f8933520b514217c12302f6f6f9fc7faf366c9912f288007f1fce0422f6cecfdd4e58ae085ba9fabdaea5c83d1b4424c71ab28b1c20c4965e543f907ff26562f739f33a13bdeb3854d3f4e395f7eb4b092a8adf07e855613f9c1763e249a10880962af6e0521da0ee594daffdb7d96071d58ebf6cc891c8f5d7014521c63dd8e27274cfcc0cbfcc24094746894929a7d9e0c5a7cd8471fde480032fdb524625f60f835f4cab6c7d9c899fb3c7cbba3ec14aec101a2c491663018ea9eca1548993e17988669a12c5fa530b7a8be4d81497eaeb11d365b21f1892c62c9ba6c6b381016ee4b37b4100d46cce860b03873edceaa141ce07308233768be95f495e6994840daf5bdb2988267f7097c30c6ffef74a89d0c2440b58aa544ded460e9b9babae4c2ef992f5d599c733db373b8059a4c2087368634c9b789a6f5b4b5bedebdf51b01529c7cfe4b38030594bf3f8a6277b7277060d47ad794894a00a3c9d389a2c251d89e91b16072bc3b750567d260cf81270d72ac8fe4c3a80776003b7a970c055725d65e086b87d530e128e83631ffe2a53d0591179041a7872240ebf6ba856d847ebe5838c1988d961fb9515e42cb53cf1561e217fa919ac18b3e3d6801409f99e6efd8213b7331512d5203405ccd7a5ddecef1b9d87ba205d4e5796512aed9852a5ae3fc06d22d45ee94d25c4cd220358d7f86bbd153b427d32eeeeedae562b4f8e7d603386168c0fd68c626a937b569f1762a7eab2f8cafaedb0fffb141591bd5e93e903d41f35c3ee000883ccd28955499a14332f01094ed5a4127213fac91aa7f98d9044c5e1b13dbbdff30d0b04b9a1839cc306982393d81ea4082f5acd8dc8482518d07c4f8b9a06ac3c7ef6b5480001e98a35d53fe6be2f264a7465962adc812586ace1f2bd92a4388ec4334b71a3120c4eeae81dc2f077f18a9d03384e01cb81665cf8fe1e6a0f49b8863325e0204156c32830ecbbab9c9da68a47ac1d4363bf1fc8f6b9a9c08d445865a2c95666f0b687eac87846d90309268841a771da9cab3fa6df00a9a6780f7031e08555e717ac14507052afa13f732bd45081500434760846b4ef0a38ed2da0389a76356bd793d33504b068b12b16064c1cf3cd392a28a23dce7346dfb5d587e60f37752310b2f1969a4bd17ab4c399852bc73cc09a9af8afed9704525ce2ef5cb53c9721d87bb116c0bf30fa8c1564771aba6094cb0bb332873fe6a0381dab52b92b9fd1d3a0cf6d1e69858a35a257eabb25aeeb05e7734169b067224e78cb1c7cd8fe8e191cae210c4d3e09808007e0744875397306bfdf1b4159c6f92e28f61f7a3e5b5968fabee1a9085af737d3d4bb40bfc93b576dfefbf84d0228c29a9e9cb883481c61fb4a496e19bd8836b528cb2516cc57876ef53dc69ad56c761914a29577caec15af4a2f4124a855d3a7c71a28713b6aa3c59d29d24e44c7139fd10141d76e35a41f11f2cda2fe1f6d31ba2238d532fdeb4b065a179588e530e2edf1eae0ac44b7b06c6e1bc1ae7616f0757e51ed2352e120247ae9351e907980bb88849f353c57b033e25ac9f3314a91457804cb04821bf1d792c085cd6cf6b8dfddb9c1c34ca5cebc0d721da7903331c0f4768a33bad774eea2e2479592b96f2a74007f490f4906844ab8961b34b08cc5e59770e80bb9516402cd8ae9e9739d02e53de9f8c6360d47f2af19787b015d73c39d4286706249770e6d331ef733b6da8a0350b1a2c59d332ed2a66c2873370024b785047da30eed4d0700cde6070ae8643cc828c89662571300b702c6e7131c5cf0a7335c5262a8484dab33f20e69eaecfa48b2923dcbf689d58dead26dadd77d1e954b1d457d05cb9c9e303267c2e47388afc5e985d6038e90f0a8920bc9248563c57d47846e8f6d07c239ade648d0fac448f4cf773190872a8a6491bc4de13ce888d3ab349e6512fc93a710e1732bbbbd70a2a"})
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)

1m48.856797138s ago: executing program 2 (id=697):
creat(&(0x7f0000000080)='./file0\x00', 0xa)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
socket(0x10, 0x80002, 0x0)
write$P9_RLERRORu(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ffff"], 0x52)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

1m48.025482997s ago: executing program 34 (id=697):
creat(&(0x7f0000000080)='./file0\x00', 0xa)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
socket(0x10, 0x80002, 0x0)
write$P9_RLERRORu(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ffff"], 0x52)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

12.514806979s ago: executing program 3 (id=1091):
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0x5b16, 0x0)

9.77167304s ago: executing program 3 (id=1103):
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
writev(r0, &(0x7f0000000280)=[{&(0x7f0000000380)="b3", 0x1}], 0x1)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r1, 0x0, 0xffffffff000)

9.187214961s ago: executing program 6 (id=1108):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x2)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)

8.645135822s ago: executing program 6 (id=1112):
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002000)=ANY=[@ANYBLOB="757466383d312c6e6f6e756d7461696c3d302c6e6f6e756d7461696c3d302c756e695f786c6174653d302c73686f72746e616d653d77696e39352c000f3556feecb6412e00c80bdee16891f8bf67c9f201996782a86d4bab33b4f23383380e4ccafc9da9def41b05c1dfb2cfa24e43aedf5536d3bce06ddda97c586bc37fab5366b1ab6fee95cc224e56e681e82dd4dbbde3785fdd0fc4e7df753a0e2658aa5e88e1d38366c7908a7b2b678ee4b4bfc7aafa2101c157745926241af5ac30189eced78c1611b972d03bfef046f4adcada230ef0ac02ede79fb7d92a8354670c01cb80361c1fde2cef3204a182323c318e10ef11cb24c435d589b17a396377800f"], 0x1, 0x21b, &(0x7f0000000300)="$eJzs2j+LHGUcB/DfnJHEC5dd8R8JiA9aqM2Q3doihyQgLiiaFaIgmXizuuy4e+wsBytirtLWl2AtlnaCpLS5xldgYXfNlSnEkWRjcnesxSHein4+zXzhmS88D8/w8BSz/9rXn44GdT4oZrGWZbF2JXbjbhbtWIs/7carL9/46fl3b7z/5mavd/WdlK5tXu90U0oXXvjxg8+/e/HO7Px731/44WzstT/cP+j+uvfs3sX9369/MqzTsE7jySwV6dZkMituVWXaGtajPKW3q7KoyzQc1+X0yPigmmxvz1Mx3tpY356WdZ2K8TyNynmaTdJsOk/Fx8VwnPI8Txvrwd/R//Zu08RB8/jNaJrmiW/i/J3Y+CVakT2ZsqeuZM/czJ7bzS4eNE1r1VPlH2H//98OHernIqqvdvo7/cVzMb45iGFUUcblaMVvce8zeWCRr73Ru3o53deOL6vbD/q3d/qPHe13ohXt5f3Oop+O9s/G+uF+N1rx9PJ+d2n/XLzy0qF+Hq34+aOYRBVbca/7qP9FJ6XX3+od61+6/x4AwH9Nnh5aen/L878aX/RPcD88dr86E5fOrHbtRNTzz0ZFVZVTQRCEh2HVJxOn4dGmr3omAAAAAAAAAAAAnMRp/E646jUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/bn8EAAD//xrx1cI=")
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, 0x0, &(0x7f0000000240))

8.497260767s ago: executing program 3 (id=1115):
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000)
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, &(0x7f00000002c0)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1})

8.411957675s ago: executing program 5 (id=1116):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8905, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})

8.182998702s ago: executing program 6 (id=1118):
set_mempolicy(0x1, &(0x7f0000000000)=0x2000051e2, 0x3ff)
r0 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0xffe0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

8.057035516s ago: executing program 5 (id=1121):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f000905", @ANYRES32], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x40200)
ioctl$HIDIOCGUSAGE(r1, 0x501c4814, &(0x7f00000001c0)={0x2, 0x0, 0x0, 0x0, 0x7, 0x6})

7.758240125s ago: executing program 8 (id=1122):
creat(&(0x7f0000000340)='./file0\x00', 0x1)
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000340), 0x11000)
mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000001780), 0x0, &(0x7f0000001c00)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

7.739609206s ago: executing program 3 (id=1123):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f00000010c0)={0x100000011, @multicast2, 0x0, 0x0, 'lc\x00', 0x25, 0x2, 0x29}, 0x2c)

7.659951298s ago: executing program 6 (id=1125):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f786174747200000000653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887836f23dbf8ad3dd5931c08b46ea5952a332ad207000c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d9bb55bb77bcadfdf75143289938f8d282688c10f0ffcefa57ff27c893414af5266072d92b4513d8d2a3d9419501652a3ce7230a00"/257], 0x1, 0x54fe, &(0x7f000000ad00)="$eJzs3MtrY1UcB/CTPqbzciziwt1cGIQWJqHpY9Bd1Rl8YIfiY+FK0yQNmUlyS5OmtSsFl+LC/0QUXLn0b3Dh2p24UNwJSu45lamOoDRt7PTzgdvvvSc3v/s7obScm5AAXFjz2a8/l8KNcCWEMB1CuB5CsV9KW2E9xnMhhJshhKlHtlIa/3PgUgjhagjhxqh4rFlKD31+e3hr7ac3fvnmu7mZa198/f3kZg1M2vMhhO5O3N/vxsxbMR+k8dqwXWR3dZgyPtB9mI7zmPvNraLCfu3ovFqRK614fr6z1x/ldqdWH2WrvV2M7/TiBfvD1lGd4gkParvFcaO5VWS7nxfZOox9HRzGv22H/UGs00j1PizKh8HgKON486AZ57PzsMh6b5DGY9280TwY5TBlulyo551G0cfWSV7p/7c32729g2zY3O238162Vqm+UKneKVd380Zz0Fwt17qNO6vZQqszOq08aNa66608b3WalXreXcwWWvV6uVrNFu42t9q1XlatVlYqS+W1xbR3O3v1/rtZp5EtjPLldm9v0O70s+18N4vPWMyWKysvLma3qtnbG5vZ5lv37m1svvP+3ffuv7Tx+ivppL+1lS0sLy0vl6tL5eXq4vmd/+h//X+a/yep6THOH06kNOkGAM4f639gEs77+j9Y/4+F9f/Fnj+ciPU/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCF9cPsl68VO/Px+FoafyoNPZOOSyGEqRDC748xHS4dqzmd6sz+w/mzf+nh21IoKoyuMZe2qyGE9bT99vRpvwoAAADw5Prqo5ufxdV6/DE/6YY4S/GmzdT1D8ZUrxRCmJ3/cQxVQrrZFJ49eVfR6Pd7JhyMqVpxA+vymIrFW24z46r2r0wfi8uPRCnG1OOf9/GZdAcAAJyO4yuBs12FAAAAcJY+nXQDTEbxTmv6LH76AP9cjPSG4JVjRwAAAMA5VJp0AwAAAMCpK9b/vv8PAAAAnmzx+/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgD3buJyd1KIoD8Gmh7/H+GIlx7lacwTJcgkOHhgW4CZaAW3ADrAFnLsGAoS3RGkxMettG8n1Je7kN+XFKmJx7SQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC49F6v54/3VQ9uc7a6dNHcDAAAAHLMpVvPyxbSa/6uvn9WXLup5FhF5RBzr3Ufxq5E5qnOKL95ffKrhKaJM2H/G7/r4GxHX9fF63vW3AAAAAKdrvVjOqm69Ok2HLog+VYs2+f+bRHlZRBTTl0Rp+f50mSis/H2P4y5RWrmANUkUVi25jVOlfcuoMUw+DFk15L2WAwAA9KLZCfTbhQAAANCn26ELYBhZHLYyD3vB5T/v3zcE/zRmAAAAwA+UDV0AAAAA0Lmy//f8PwAAADht1fP/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NKmWM3Xi+Wsbc52106auwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDf25xwFQyCMAWj+xa2TOYb3P6AExNLW5j0YCAlTfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDkc73jbn5t9iT/JN+GqfVIMndqWDo1rJ0btn4Yb14CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ/vzkgIhEARRMGf876Tvf1hJ0DOIEAENjypq0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHzV7375PzE1ziRzp42l45Fk7aqxddXYe9A4ejDe/g0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzv37xs3FQcA/Nk+X2kBcQR0QxACiQEWer2Wlq4MoIiBPwEpSq8lcOVHm4FWFVIWNpS5C4IRISRQ2Po/dG6lLmXrcEORmBhA9tnJ6xGJgyj2Jfl8pOf3tWX5fZ8TRfn6+Q4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqE3e2Y2zYtObxml17N7jW2tFf3+mL9zZerBctCJOmkz6cHg53kn67SUCAADA8ZHV9X0I4WG+vVL0aa+s//P6nKLm/+7ZaVzX87N1f93XtX/Rfv3l0Ys7A/Wm4xQXvbw+Hp35Zyqdg5vlYnvuX8/olHe+fPaSlT+Q9P3NFyZ5eT+Tb+7efbdbhieayBYA+D9O130V1P8PFf2wzcQAODY6UeFd1/9Zr92cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJrQ3QxP13ESQlju7MaF+49vrZX9zP6drQfLdbtw+/ZWfM3iEnkI4fL6eHSmqYkcAtdv3PxkdTweXWs+eCWE0N7oVfDhHOeE0GaGgv0GafW7vij5HI6g5T9MAAAcOXnVirr+Yb69UhxLlkL46/sn6//XozjE9f9MH9f/jz66cC8eK67/h43NcPENNq5+Prh+4+ab61dXr4yujD596+zw7eG5i+fPXxyUz0oGnpgAAACwP92qxfV/uhTCZGb9/1QUhznr/y++HX4Vj5Wp//e0u+jXdiYAAADH2/Ov/vF7ssfxpNsNX65ubFwbTrc7+2en2xZS/c9OVC2u/7OltrMCAAAAmjDZTJ5Y/78UxWHO9f9nfnjpp/iaWQjhZLX+f3rts/Gl5qbTkj/nOquJjxMf+FQBAABYaCerFq//5+X7/+nOKw9pCOGN16Zx9TWAc9X/2Xtf/xiPFb//f665KS6ktD+9H2XfD6HTbzsjAAAAjrKnqlYU+7/l2ysf/3zqg673/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa9ncAAAD//99iPvs=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
write$UHID_GET_REPORT_REPLY(r0, &(0x7f0000000100)={0xa, {0x9, 0x3, 0x9}}, 0xa)
ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000180)=0xfffffff9)
write(r0, 0x0, 0x0)

7.230945946s ago: executing program 8 (id=1128):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0x3}, 0x6)
ioctl$sock_bt_hci(r1, 0x800448d7, &(0x7f0000000140))

7.17838471s ago: executing program 3 (id=1129):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$bcachefs(&(0x7f0000000140), &(0x7f0000000440)='./file1\x00', 0x208410, &(0x7f0000000540)=ANY=[], 0x1, 0x5a7d, &(0x7f0000022340)="$eJzs3X+QHNV9IPDXM7Pa1a5+rAQ2MpjVIqOE4Nha8av8IxUrucROgeOSyykHcbJhQSsiWxIq/QggkyBy4LMK7MIpUglO/iAuzB1GcVEFF6NQJvw4ibOxVVx81BXmzs5h/+ErwqEKoKNcnPdqZ/rNzvRMb8/OzgpJfD4lbU+/efPt16/f9PT3zexOAAAA4G3h8G27jn3izN/93p9NvH7z7/3DtlvCULlaPhArDKfLG96qFnI89VdWVJfZcfGrX/jmz0av+e3vPjj4jTcObTpn849+57RrHv3cpQfv/usnXlv88C9fLIobx9P50+vJy0kIA985+hdfPPTMGVNlyZKpn6V9ISxLlj+xLAnh1sYQY78IIWxKV1Zk4j/0+oWbp5a33N7fVL40U894f3ubOs59IYS9x65/b/jxb2249Qcrv/V3fQde2jddJRloGE8hLLmq8fFTj12Y/p8SR1scj0m6XB9CGGx43AcK2vWeDtu/Jmf9rHS5IF0OFcSJ96/KrJcy9bLrUV9mOViwvbnKa0e39YosyqwnPYob5bUzli9Ll99Ol+fPMn453YdyEkpJqNSbvzWZHiOh4bglIakey4H6eql+bEO6/5n1JLNeyqyX+zL7Vd1uOtDKSdJcHutlyuPpuJKWn9N4rm7jUw23G+u9K5alT9Q3snUyQYdabtT3qyq26+gMbTkeSg3noHbl9QOfHoyhtGwoWd7ymMk24n2HNtyxurzxycPDOe1IHkzS+ElX8fd+f9mizz6wf0/2db0e/6pSGr/UVfyfXHbklSv2f/1rufHvjPHLXcW/4LHBly976rZVuf1zNPZPpav44y8+/eWVp199ILf998T4A13FX3fwSP/iY489ntv+sdg/C7uK/8KHP/rT+5975KXc+CHGH+wq/saDO77SP3LsvNz4j8f+Gepu/Lx64JLnR0Z+PpoX/9kYf3FX8e/b1/+he5fefmnu8V0f+2e4q/gfP/fRWxcde+TsvHNnck+vXjkB3p5OS6+xvpSud5tnzlVDvvBXo5XaNd+i9P/iXm4oc/GZzRMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoBfe8d7/8rH/9enhlyvpen9644VSbRnLF4SQLAwh7No9vnP3lu3Xjn7uuj07t49vHR3fPTqxfffOG0cv+vXRnRM7to7fOHXv2PsurD1ueUhqy+Tslm33T05Oloaby+L2/s25B368+gP/+19CGHvHD0cque1fc/e2e09v8zMjWTf5kW17PvHDi/823a/htF3Dbdo1OTk5GXLa9X8uf/PePz/6s/NCGHvnTO16+oXf/MemBlULpuOkSv2h1qD+ZLBtO+qtTtsT+6uyecvWibGZ+3fq8eWc/fi3X3jpF5tv+Oqbtf4dyN2PDvt34brJraW/3PDx//eXN9UKitr1Vh33ov6OexHbF/tvIO3vJel+LcnZr0rOft32g8ef+86Z+1/bF8Yqr65s3XbRfvWlA6AveVdH241bGEyWNZUPpPXjEY+PW7N72441u27c+74t28avnbh2YvsH11609pKxiy+5eE11z9f0eP/j9n+lw/0/PuNp6R/v+3b82dl4am7Xgqkqs+qPqXYV90dji/Kef4Of+uJdH7z7qU/UCorGeaxdP59Ul8mbg1PHeW1oGG+tfdVuv4qOTwhhtF0/vPLapeGM/77l1qLzUOORafyZkaybfGbVv/7tB/5mxW/UCo7Leb6xQV2e5+utnm5Ptb8G0uMxeYL2b38op/s11LZda595qu+Ow//yJ/X2LVgQbhjfvXvn2trPRWlLFyVn3dyuXWdl1uN+raz+LNefbvVh2ma8TukLtfZlz5+xerZXh9L7hpLlbfcrK953aMMdq8sbnzyc19PJg7UtLgyLa8vk3Tk1t2YeWK43uN32T9TnX9H4GPnY3zz86Yf//qKW8XFB7WfRfiU5+/Wt5+676xtf/fd/37v9+thvHhn+1//5R6trBSf8eaVca0i91Wl7ksbzygUhNDz/2rZjZWi/H7nPv1L7/Sl6/mW3M12/fbzRzPpQKHf1fL3gscGXL3vqtlW5z9ejMz1fG3f2pqbHlQueryfK+Mk+v5JKczvm7/nVNFCSdZPf/dJp+564ef2ZtYKi18t67Xbj+sIO8o+c/frHK54fuW703/233p03vvnrD135o/F1f1or6P64x7b05rgPpP07kNO/9VbHvLOxf99/zXVbN9XKi/r5rbv+TZcF+U88ley6ce/nx7dundi5q7P96vT1NG4n28vdvp7Gs9vygv0qtezX/N3opL86fb7F9m/qur+an29DIenqdWHv95ct+uwD+/cMtzwq3dBVpTR+qav4P7nsyCtX7P/613Lj3xnjV7qKP/7i019eefrVB3Lj35Ok8QeK4y8JLfHXHTzSv/jYY4/nxh+L7V/YVftf+PBHf3r/c4+8lBs/xPhD3fX/qwcueX5k5Oe58Z9N0u1MXSOF8NDrF26urSehL32+xXb0NbUrZNeTzHops15uXC+lswhxA+UkaS6P9dLycxra0s4f5pTHq7CBFbXlG3E9ZG/MXH6iKTWc+9uVF12nAgCc6uL7//EaNL7/P5FeKOXPNMC0ueZhK3Lixjxsej5nQdP9K9L48fFxHnDk/WFsannLaO1Cf7bvI8TnQ3aeM27nvPc0x2g7P3GwcSPV7bfMcxbNv6/KrMd21ebLKw15aKo1r6mEDubfW7cz8/x7ZveL388a/VJLs0Yb5q2yx68vnTFr93mHTHsrUxHyxkd2Xix+nmNkSVhf3V6H4yP7OZp4HLKfo4nbOTNz4uz2czR542O4tR+a2hXHR6w3w/ioNrn4/cjW4xdm6N/p49c+Wvb4zeJ4D0zVn+/3Z3swb9j2lHb85g3n9/2wE2Jesk384zwvuaglfvoEO9HnDWN57KdKh/OJn84p79V8YjxdxHYdnaEtx4P5ROBUFfP/+Boxlf9PXYD/30y9ojwle9UY4+V+Tqjcvj1FeUfr5/QGu3od33hwx1f6R46dl3ud83inn9Pb0bQ2WPC5n6J+XJ1ZL+zHnAmaonwvu52ifs9+LmMoLO6q3+/bd/eH7l16+6W5/b6+9kJa3O93Na0tLuj3kyBfaB9fvnAq5Qut8Xv0OYai+bP8fKRcb8e85CPpB5/mKx/5g5zy2eYjgy036vtVdeLmI9MvpE35SN/xbRcAcPKI+X/9/bM0///neGGRXkcU5a3nZ9ZjvNy8Nef6JC9v/f10eUOm/lD6GxWzvW7++LmP3rro2CNn5+Yt93Sah/7HprXhwjx0bnlzbh6xvjefF8/NI+p51tzyxNz21/PEueXpOW/TNuTpc8ujc/unnkc3zwPcdWQ605gpfpwHyI1fnwfoYZ77y+lKxy/PLZivy2wsrnY6X3e88+ipkr4lzfvZnBcP9iaPTn99dr7y6E/llM82jx5quVHfr6oTN49uLpdHAwCnqpj/x8u4av7fH8JTscLCeGNu77Pn5gU9um7P/j2Qevxn5yWvnI7fo/d/i/O++c5b5zuvn+95iZP9/d/5nhcarv4Bz+7myXKCN8yTvWWfd52XvPif67c6zovTjcqLAQA4kcX8P6b58f3/pzL15pqftORvfbVLyOn85OTLzxvrncT5+eXheOXn/Sdzfn6yz3/N7+dkTq38f1qX74u/MXkK5//VNsv/AQBOSjH/j7/2GP/+339O17N/t77DPP2e7Md5vY/uffQgT+8gT+/xPFuM3/g5gJN4HqB8cs0D1G4snK5/Ks0DVPUFkwEAACeBvmqm1Pp79p9Jl9nfs8/7vfwr0mUScr96d0aV9PL46t07Jyau3LNj0/juiSu3X7dpYteV1+/csnv3RP3aeW55Y27ekuaNfaGS9kf7etm8bWn69xCW5vw9hGz9GPas6o3Wv4eQ3ezCgr8jMH38Omtv3vErzVC/3fiIx7vT8fGHOfWj+vG/5o8uuHLzriu3bN+ye8v41i17J5rrDVd/k7rz782M43FW35ea+dGiNPvv74yHZ27tKLW0oy/tj7zvZ08y7ViWtmRZ3vcf5LT7e//1z//43Mk37w9h7B3ld8+p/5J1k//p8onf3334hzum2l+asf31mmm7ir6vNFs/7k9l63W7dr9383V7tme/UbI7cT6jVF+fp881pE//cofzExtzymf7+/vllhsnpo7nJwAAaBLf/4/Xs/H9w6+mF1CxvDBP316rN9f3j3Pz9LHO8vTs95IV5enZ+nF/O83TB+aYp2e3X5Snt6vfLk/Py7vz4v9BTv3Z6nycdPE5j0raDw/s35M7Tq7qbJxkv8+gaJxk6892nCRzHCfZ7ReNk3b1242TvOOeF/+TOfXzFI2HSn08zO1zObnj4c7OxsOvZdaLxkO2/mzHQ2mO4yG7/aLx0K5+u/GQd3xb4zdPEHR73mgeH1MDozouJq68/rqdn2+oN9/ffxFaP5LRSfsWTD92fr//o1ud9+/8fu5r7u0PYV21JK/98f2BBbNqf6efK5t7+4v6fxafK1sSWj5Xltv+Z+c2E9Z5++f3+10y8qq3Pv54zdemw67o82dF87gbcspnO4+7oOXGick8Lrx1Yv4fr+Zi/n97uuz120An//ekdfE6F8/Bvscsv/87vI55272eZ99y93oOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEror6yoLg/ftuvYJ8783e/92cTrN//eP2y75Ve/8M2fjV7z2999cPAbbxzadM7mH/3Oadc8+rlLD97910+8tvjhX75YGHi4+rNyfro6EELychLCwHeO/sUXDz1zxlRZEkIoJ8P7QliWLH9iWZKJMPaLEMKmejub73zo9Qs3Ty1vub2/qXxpJkh2v8JQObansZ0h3DDz7gwU7jAnooF0nO09dv17w49/a8OtP1j5rb/rO/DSvukqyUDDeAphyVWNj+8LISxM/0+Jo21FfHC6XB9CGGx43AcK2vWeDtu/Jmf9rHS5IF0OFcSJ96/KrJcy9bLrUV9m2bCvCws23ZW8dnRbr8iizHr2ZDRXee2M5cvS5bfT5fmzjF+O/5NQSkKl3vytSXWMvPN/pOvxuCUhqR7Lgfp6qX5sQ7r/mfUks17KrJf7MvtVHZvpQCsnSXN5rJcpj6fjSlp+TsG591M55e9KlwPpE/WNuB6yN2qGWm7U96sqtuvoDG1J/Yf2xZXiR3ag1HAOaldeP/DpwRhKy4aS5S2PmWwj3ndowx2ryxufPDyc047kwSSNn7SLXymKv/f7yxZ99oH9e1bkxb+qlMYvddX+n1x25JUr9n/9a7nx74zxy13Fv+CxwZcve+q2Vbn9czT2T6Wr+OMvPv3lladffSC3/ffE+ANdxV938Ej/4mOPPZ7b/rHYPwu7iv/Chz/60/ufe+Sl3Pghxh/sKv7Ggzu+0j9y7Lzc+I/H/hnqbvy8euCS50dGfj6aF//ZGH9xV/Hv23f3h+5devulucd3feyf4a7if/zcR29ddOyRs/POnck9vXrlBHh7Oi29xvpSuj5jntmXn2fOVUO+8Fejldo136L0/+JebihjajtL5jE+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnpn+66aLPXP6RT26oJCEkOXUm24j3lResWzfaxXbHX3z6yytPv/pAY9mKLuIAAAAAxWIeXqqXDIQV4fpkYTirbf04R3BWXEuay7NzCDFOdo6g2zilNnFKXcQp96g9lR7F6etRnAU9itPfozgDBXEGQmdxFs4QpzI1Ajpsz+CM7ek8zlCP4izqUZzFmRDdxlnSo/Ys7VGc4RnjdD4Ol/UozvIexTmtR3FO71Gcd/Qozjt7FOeMHsXJzinPdhwuTmuemReneqNcGKeSlOt3tJtPPyPdztlz3M5QwXYWF70ed7idhR1u5z2Zx5VmuZ2BDrfzK3PcTtLhdn5tjtspFWwnjtsbsu2L24lrHY7/G3sUZ2+P4nyhR3Fu6lGcP+lRnD/tUZybQ/PF6WzjAHQq5v/T+d5w6K/8RhhMzzjZWYCY766s/mx9vcs7IcV4786ULyiKl03UM/FWzrZ92QmETLxVmfK+pniVej4yQ7yBxnirM3fOtL8fXte+bY3xzs+U988Qr2kHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA4+KebLvrM5R/55IaQhKl/VeVMnck24n3lBevWjXax3UMb7lhd3vjk4cay/kpXuwAAAAAUiHl4X71kIPRX1ob+ZEFTvYF0HmAgXS8P15YjS8L6qWUyWqquDybLZnxcJX3cmt3bdqzZdePe923ZNn7txLUT2z+49qK1l4xdfMnFazZv2ToxVvsZQn9BvBBCdfph1417Pz++devEzl21wmz7V6SPW5GuJ+njRt4fxqaWt6TtX16wvVLL9ubvRvHRAwAAAAAAAAAAAAAAAAAAAP4/u3YbKllZBwD8f2bmzoxXN2/4Ni7uOqyrWFnpdg0t8R4IEnxZvAgx17rJkitJV3fRXTGbdCE1pQiUhWXDD22YpElffEmJfGHBMEvobhIq5Yf6UGgZKn4IZeLOnTNvd2bnNom72u/3YZ4z/+f/PP/zHJaF/5kLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALy/FuvT87WZ2bnJJCIZktMYIJvLF9O0Okbdrzy+/Qel9W+f3h0rFcbYCAAAABgp68Mn2pFylAr5yMeJzW8bomsiOn0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/2exPj1fm5mdOzKJSIbkNAbI5vLFNK2OUfeVNx/87Ivr1/+tO1YZYx8AAABgtKwPz7Uj5ajEKTGRnLjU+bej2buBtX3rl/M6sn3WrTKv/93BsLxTVpl32irzPjYib3NrvDEAAADggy/r/wvtyFSUCmtW9MNZ/z+qr8/yTu7Ly7fGanfSQRVXkwQAAAAcXCm6+v9SO1yJUqHS7tdX2+9v6ISaP51n60f9bp+tP7UvL1s/6vf8S1qj3+kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4INjsT49X5uZncsnEcmQnMYA2Vy+mKbVMepuemLyHxftv21Dd6xUGGMjAAAAYKSsD++03uUoFSZjIo5s9v3rL7jn4S89/Oh0RCy3+cVi3Lhlx47rNi19xqYs76zn9k98/5nXvr0i76zlz0N2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4D2zWJ+er83Mzh2RRCRDchoDZHP5YppWx6j78ue/+Jf7X3js1e5YZYx9AAAAgNGyPrzT+5ejEsUoxvHNb929/pJc3/ph7wwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD4/rv3nTN7YsLGy9zsWhuWjkIw6D2/gfL7J/TofL/XzwL8qH+jYO7f9LAADAe+/kSKLxXzrh0kN91wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOFgsT49X5uZnSsnEcmQnMYA2Vy+mKbVMeqmjz9fWvP2E091xypj7AMAAACMlvXhnd6/HJWYiIk4rvlt0DuBZv8/9T7eJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBYWaxPz9dmZufWJBHJkJzGANlcvpim1THq3rdr7+fuPfp7F3bHSoUxNgIAAABGyvrwYjtSjlLh41GKk1rfF3oXJPnWOPi9QGfd9p5lk6teV+9Zlz/YuqQQ0V53R9/JCq3TLK8rZ/tNLY/tetXOulxrXbVrXSXa5avtdc2Htbun2poR51v55AEAAOD9k/X/pXZkKkqFUlf//9PWeERr1OcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIMt1qfnazOzc0kSkQzJaQyQzeWLaVodo+5Nv/3oUV/92Z07u2OVMfYBAAAARsv68E7vX45KrIuPxLpm3x9TvflZ3j9r79x797/+enrEmccfWF/o3/ZH2cWvXz7/yf6PiFxvdi7i6Fa9ZEi93/z+7hs2Nt65P+LM4/InragXB6/Xu2XaeKS29ZIdzxzYPuLhAAAAwIdE1v9PtCNTUSpcO7T/zzrvEf1/W7MBP/qGXb84tvXZ6sj7VuSmWvVyQ+p9YeODfz71nL+/ttT/r6z3yfbVp/dec++xPQWXI32StDFzzc7NB87el8tOvVw/31c/ey5f/tar/77qxrveWa5fjnIrvrbvVparrfzsKx9pYyG3Z+7id/fUe+sXhpz/tt899cKv1t751lL9N0+ebNc/LQbVXz55YWj9OCJtTF52++5z9+7f3Fs/IqqD6r/+1oVxwh+vvrX//JN9G3c/+e7P/geQNp7b8Ma+c+6pnNdbP+mrnz3/n79w3+6f3PXdR7P62d+KnH7Kauvn+uo/e8cxu56+5dK1vfVzQ87/5OUvrt9W/c4f+s9/Zc+uhaF30VLs1H/gjIeueGlLenP/owEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhwWaxPz9dmZudySUQyJKcxQDaXL6ZpdYy6r1z0/OuX3/njH3bHKmPsAwAAAIyW9eGd3r8clShGMSabff8jta2X7HjmwPaYWp5NWmNhYdv1Oz5x1bad1155iO4cAAAAWK1XLkqa/X+hHZmKUmFjTLT6/5lrdm4+cPa+XNb/55bGJCKuunph65nRznv2jmN2PX3LpWvb7wkimn8WUF7K+0wn74Lzn596409fP3Vg3qZO3nMb3th3zj2V87K86M47K9rvJx4446ErXtqS3ty+v+68T31t20Lr9US27+Rlt+8+d+/+zbnsPUZrnGztm+Ut5PbMXfzunnpuKkpL8/lWXrl1bgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgpcX69HxtZnYu8hHJkJxGt1Ygm8sX07Q6Rt2LN/7y1qPefmxdd6xUGGMjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYX9+gmNo4rjAP7ebmI22aRNWsGomKZVUeqhRUFELyoq0ooUPFWKVFt7EAVBRKkHU2nFUhUvgtVLERXUKIUKNhZLq6Tiv+LFgwoK1YNQigHNUjyoZPNms5nuuO2mCtrPB5aX92bmO7+Zefs2AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH9KT9dwvT2y45HanRfd+tlT908/efsHD2274om3fhrddPOne/tePzm5efmWb29ZuunAA2smdr9y+LeB9/441jb48dlmZepWQognYgiVD6defHry8wtmxmIIoRwHx0IYiksOD8VcwurfQwibG3XO37hv+potM+22XT3zxhfnQvLXFarlrJ5Zg/Pr5f+lkubZ1tpjV4Xvb1q//ctl777TPX58bG6XOLNPOc2nEBZtbD6+O4TQmz4zstk2nB2c2nUhhL6m465rU9elp1n/qhBquX7dxak9L7XVNjnZ9hW5fim3X76f6c61fW3Ot1BFdXS6Xzv9uX5+MVqoRp2rWo8Ppfb91K48w/xy9omhFENXo/wH49wcCU3PLYZYf5aVRr/UeLYhXX+uH3P9Uq5f7s5dV/28aaKVY5w/nu2XG8+W4640vrx5rW7hroLxC1NbSV/Uk1k/5P+YVT3lj8Z11WV1Tf1NLf+GUtMa1Gq88eDTw6imsWpccsoxf7aQbZtc/+zl5Q0fHRksqCPujSk/dpS/9Yuh/nve3vnocFH+xlLKL3WU/8Pao7/cvfPVlwvzX8jyyx3lX32w78Taj3esKLw/U3MryOnkx9TPtt177JPnlp1/33irZ13P3JPd/0pH9d84cbRnoHbwUGH9q7P709tR/nc33Pbjm1/vP16YH7L8vo7yN0w8/HzPSO3KwvxDs1+Fan2GdjB/fh2/9puRkZ9Hi/K/yu7/QIv82Db/jbHd17+2eNeawvm5Lrs/gym/94zqv+OyA9v7a/svKVo7456z9csJcG5amv7Heib1271n7psutXzPXKim94WXRrtmf4H602fgbJ4oZ+Y8i/7BfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+IsdOCABAAAAEPT/dTsCBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4KAAD//yURHCc=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x41009432, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}})

6.454047871s ago: executing program 8 (id=1143):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r1, @ANYBLOB="00001700000000001c0037800b0001086970768a616e08000c0002800600010000000000050027"], 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

5.865172134s ago: executing program 3 (id=1133):
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000004000/0x3000)=nil)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
read$FUSE(r0, &(0x7f0000010540)={0x2020}, 0x2020)

5.78370039s ago: executing program 8 (id=1134):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x78f, &(0x7f00000007c0)="$eJzs3c9rXNUeAPDvnSRNk/a95MGD9/pWgQcaKJ2YGlsFF3ElgoWCrm3DZBpqJpmSmZQmZNEightBxYWgm679UXdu/bFwo/+FC2mpmhYrLiRy50czTWbSSZqZCeTzgZs55/7IOd8595577sxlbgCH1lj6JxNxIiLeSyJGavOTiBiopPojpqvrPVhfy6VTEhsbr/2aVNa5v76Wi4ZtUsdqmf9GxLdvR5zMbC+3tLI6P1Mo5Jdq+YnywpWJ0srqqcsLM3P5ufzimcmpqdNnnzt7Zv9i/f3H1eN33n/56S+m/3zrP7fe/S6J6TheW9YYx34Zi7HaezKQvoWbRva7pN5Lel0B9iQ9NPuqR3mciJHoq6RaGOpmzQCATtkAAA6hxBgAAA6Z+ucA99fXcvWpt59IdNfdlyLiaDX++veb1SX9MR2DlYUDETF8P3nkm5EkIkb3ofyxiPjkqzc+S6eotYPv0oBuuH4jIi6Ojm3v/5NH71nYg2d2WrgxWHkZ2zL7sJ1/oJe+Tsc/zzcb/2Vqx//Ryt+t45/BJsfuXjz++M/c3rrN96/vQ8E16fjvxYZ72x40xF8z2lfL/aMy5htILl0u5NO+7Z8RMR4Dg2l+srJq85Hb+L2/7rUqv3H899sHb36alp++bq6Rud0/+Og2szPlmSeNu+7ujYj/9TeLP3nY/kmL8e/5Nst45YV3Pm61LI0/jbc+bY+/szZuRjzVtP032zLZ8f7EicruMFHfKZr48qePhluV39j+6ZSWX78W6Ia0/Yd3jn80abxfs7T7Mn64OfJNq2WPj7/5/n8kqXYCR2rzrs2Uy0uTEUeSV7fPP725bT1fXz+Nf/z/zY//arHN9//0mvBim/H33/nl873H31lp/LO7av/dJ249mO9rVX577T9VSY3X5rTT/7VbwSd57wAAAAAAAAAAAAAAAAAAAAAAAACgXZmIOB5JJvswnclks9VneP87hjOFYql88lJxeXE2Ks/KHo2BTP2nLkcafg91svZ7+PX86S35ZyPiXxHx4eBQJZ/NFQuzvQ4eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGqOtXj+f+rnwV7XDgDomKO9rgAA0HXO/wBw+Ozu/D/UsXoAAN3j+h8ADp+2z/8XO1sPAKB7XP8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQYefPnUunjT/W13JpfvbqyvJ88eqp2XxpPruwnMvmiktXsnPF4lwhn80VF1r+o+vVl0KxeGUqFpevTZTzpfJEaWX1wkJxebF84fLCzFz+Qn6ga5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQPtKK6vzM4VCfklix8TQwajGgUn0x4GohkTHEo29xFDvOigAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAA+7vAAAA//9oei8M")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
ftruncate(r0, 0x81ff)

5.41610381s ago: executing program 5 (id=1136):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000001600)={[{@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7}}, {@auto_da_alloc_val}, {}]}, 0x1, 0x535, &(0x7f0000000b40)="$eJzs3UFsI1cZAOB/Jsnau02bFHoAVGgphQWt1k687arqhXKqEKpU0SOHbUi8UbT2erV2ShP2kD1yR6ISN05I3DggcUDqiTsSB7hxQUJIBVagBgkJoxmPUycbJyZ17Db+PmnkN/PG/t+zNe+N/uzOC2BmPR8RexFxKSLejoil4nhSbPFab8vO+/DRg/X9Rw/Wk+h23/p7ktdnx2LgPZknis8sR8R3X4/4fnIk6O8j2ju7d9Yajfr94lC107xXbe/sXt9qrm3WN+t3a7WbqzdXXrnxcm1sfX2u+csPLkfEb379xT//bu8bP8yatVjUDfZjnHpdXziIk5mPiO+cR7ApmCv6c+ksbz7TmxinNCI+ExEv5Nf/Uszlv+Zhh3+mb06wdQDAeeh2l6K7NLgPAFx0aZ4DS9JKkQtYjDStVHo5vGfiStpotTvXbre27270cmXLsZDe3mrUV4pc4XIsJLe35uurebm/36jXjuzfiIinI+LHpcv5fmW91diY5o0PAMywJ47M//8q9eZ/AOCCK39ULE2zHQDA5JSn3QAAYOLM/wAwe8z/ADB7zP8AMHvM/wAwe8z/ADBT3nzjjWzr7hfPv954Z2f7Tuud6xv19p1Kc3u9st66f6+y2Wpt5s/saZ72eY1W697qS7H9brVTb3eq7Z3dW83W9t3Orfy53rfqCxPpFQBwkqefe/+PSUTsvXo532Lgef+nztXPnnfrgPOUTrsBwNTMTbsBwNQ8vtoXMCvk42F2/bfb7cbA2r0R8fCgNPAw0KH/ROi9kcKk1g2FT56rn/8Y+X/gU03+H2bX2fL/7uXhIvj/8v/uFuAi6XYTa/4DwIyR4weSU+oH//6/0h3YOfr3fwMKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM2Qx35K0UqzuuRhpWqlEPBkRy7GQ3N5q1Fci4qmI+ENpoZTtr1rmAwA+5dK/JsX6X1eXXlw8Wnup9O9S/hoRP/jpWz95d63Tub8acSn5x8HxznvF8do02g8AM2z+pMpfvNkv9efp/jze9+GjB+v97XwbetgH3+otLprF3S+2Xs180aVynmu48s/kUBez+5W5McTfexgRnzuu/0meG1kuVj49Gj+L/eRE46eH4qd5Xe81+y4+O4a2wKx5Pxt/Xjvu+kvj+fz1+Ou/fNqQO6L++Lf/2PiXHox/c8fE/0tE0b4RYrz0228/drC71Kt7GPGF+Yj9/ocPjD/9+MmQ8ffFEeP/6dkvvVAUl49U5ctOX43j+p8cOqnaad6rtnd2r2811zbrm/W7tdrN1Zsrr9x4uVbNc9TVfqb6cX979dpTw9qW9f/KkPjlU/r/1RH7/7P/vP29L58Q/+tfOf73f+aE+Nmc+LUR469d+VV5WF0Wf2NI/0/7/a+NGH8hdjdGPBUAmID2zu6dtUajfv/jF8onnpOOI8RBYWloVRKxN5YQoxRKP//R66efPObveXghuyk8y9tjWNXcBL7D2SqUPhnNGKEw7ZEJOG8fXfTTbgkAAAAAAAAAAAAAADDMJP470bT7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX1vwAAAP//+ofSHQ==")
r0 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r1 = fanotify_init(0xf00, 0x40000)
fanotify_mark(r1, 0x105, 0x4000997d, r0, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x80000, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}}, 0x1, 0x0, &(0x7f0000001680))

4.607437819s ago: executing program 5 (id=1138):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x109001, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
ioctl$TUNSETPERSIST(r0, 0x400454c9, 0x200000000000001)
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1)
ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0)

4.605318982s ago: executing program 8 (id=1139):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./bus\x00', 0x0, &(0x7f0000006140)={[{@rodir}, {@rodir}, {@rodir}, {@shortname_win95}, {@shortname_win95}, {@shortname_lower}, {@uni_xlate}, {@utf8}, {@rodir}, {@shortname_lower}, {@numtail}, {@numtail}]}, 0x1, 0x356, &(0x7f0000000200)="$eJzs3U9oI9UfAPBvdrJJu7C/9vCDRUEYvQladise9NSydGExF5Xgn4MY3K5KUxcaDHYPzdaLeBQ86smbBz142LMIinjz4NUVxD940OOCiyPJTJJpk3a7QnYtfj6H8O1732/ee5mhmU6b15dXYqMWcTmNiLm5SlRXzq/EzUosRhJD12JSbUobAHA83Myy+CPLHbGkMuMpAQAzNnj/f/V0qeXtLw/Lz7z7A8CxV/z8P39YztxBHVdmMiUAYMYm7v8/tKe7tvdX/dXSXwUAAMfVsy+8+NRqI+KZNJ2L2Hyn2+w248lx/+rleD3asR5nYyFuReQXCv2HyuDxwsXG2tk0TXvx82I0+xXdZsRmr9vMrxRWk0F9Pc7FQiwW9cXVRpZlyYXPGmvn0oGIuNYbjB+blW7zZJwqxv/+VKzHcqTx/4n6iIuNteW0eILm5rC+F7E7vm/Rn/9SLMS3r8SVaMel6NcOL2saazvn0vR81thT323W5y6NXoUD74AAAAAAAAAAAAAAAAAAAAAAAMA/spSOLI72v8nG+/csLU3pH+yPk9cX+wPt5vsDZfUssuz3tx5tvpvEnv2B9u/P021W48S9XToAAAAAAAAAAAAAAAAAAAD8a3S2a9Fqt9e3OttXN8pBb6uzfSIi+i1vfP3JF/MxmXOboFqMUepKi6arG60sGSZnyZ6cIkj6gw9bPr4+mnE5pz5axdRp1A/uardPP/jjB+OWB5LhM/81zkli+gKTfdMoB5v/y6d0Jy/UKFi+Tc6NLMsOKt95abIqKhHVOz9whwdZP/jqp9fue6xz5vFBy+dZ7uFHFp678f5Hv2602v2RY3AEa1udW9lGq/h6+sl2cJCUzp9K5EGlfCZUDyvfLYL5iP6hbCXf/fb8/e99c7TRs3LLm1Nyknw5n+7vquVBJR+03DU/bayTU07+GQRnPlxpXd/54ZejVpW+SdioAwAAAAAAAAAAAAAAAAAA7orSZ8ULxYd9Tx5W9cTTs58ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANw94///Xwp2J1qOEvzZi8mu+vpWJ6J2r5cJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/3N8BAAD//zGNaeE=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(r0, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

4.326440888s ago: executing program 6 (id=1140):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x27}, 0x62)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r2, 0xff, 0x30}, 0xc)

4.32608227s ago: executing program 4 (id=1141):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff034}, {0x20, 0x0, 0x0, 0xfffff034}, {0x6, 0x0, 0x0, 0xffffffff}]}, 0x10)
sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
close_range(r2, 0xffffffffffffffff, 0x0)

3.471188293s ago: executing program 5 (id=1142):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
r1 = syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679a, 0x400, 0x2000006, 0x3ce}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x2400c0c7, 0x1})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)

2.965350716s ago: executing program 5 (id=1144):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./bus/file0\x00', 0x80008, 0x0, 0x0, 0x0, &(0x7f0000000000))
rename(&(0x7f0000000000)='./bus/file0\x00', &(0x7f0000000080)='./file0\x00')

2.857175982s ago: executing program 4 (id=1145):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x891f8000)

2.714537866s ago: executing program 7 (id=1146):
r0 = socket(0x10, 0x80002, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="380000005400e5012abd7000ffffffff07000000", @ANYRES32=r2], 0x38}, 0x1, 0x0, 0x0, 0x2800}, 0x40084c0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

2.659050369s ago: executing program 6 (id=1147):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000ac0)={0x84, &(0x7f00000006c0)=ANY=[@ANYBLOB="520a0100000036"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000580)={0x34, &(0x7f00000003c0)={0x40, 0xd77642d16aae6a8a}, 0x0, 0x0, 0x0, 0x0, 0x0})

2.33020597s ago: executing program 8 (id=1148):
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x10, &(0x7f0000000600), 0x1, 0x59d, &(0x7f0000001100)="$eJzs3c9vFGUfAPDvs7stlAItb97kfZGDTUiERG1pwWiMiRDx5sEfJJ5IrG0hhAUaWhNBjJDgf6B/gIk3E2M8EmOIevHqzcSriSESA714WzO7s2WB3f7cMsh8PsnQ55mnk+8zu3z7zDw7MxtAaY1l/1Qi9kbEfIoY6WirRd441vq9u3euzCzduTKTotF4568UKV/X/v2U/xzON94eEb/8kOI/1YfjLly6fHa6Xp+7mNcnFs/NTyxcuvz8mXPTp+dOz52fmnxx8oUjh6eOHOrLfu6KiJ/Gj9eun3pt3zczX+755LuvbqQ4Gjvz9s796JexGFt+TTplr+tL/Q5WkGq+P51vcaoV2CHWpf3+DUTE/2IkqnHvzRuJT98qtHPAlmqkiAZQUkn+Q0m1jwOy89/2UuwRCfCo3D7WmgC4m1pze0vL+V9rzQ3G9ubcwI6lFJ3TOiki+jEzl8WYfyaNZEts0Twc0N3VaxHx/27jf2rm5mhzFj/L/8p9+V+JiDfzn9n6tzcYf+yBuvyHR2cz+f9eR/6/v8H48h8AAAAAAAD65+axiHiu2+d/leXrf6LL9T/DEXG0D/FX//yvcqsPYYAubh+LeCUi2tf+LXXkf260mtd2Na8HGEinztTnDkXE7og4GAPbsvrkCjHG9v080LOt4/q/bMnit68FzPtxq7bt/m1mpxenN7PPQMvtaxFP1brlf1oe/1OX8T8b++fXGKNx/NUfe7Wtnv/AVml8EXGg6/h/78kVaeXnc0w0jwcm2kcFD/vo5I1ve8WX/1CcbPzfsXL+j6bO5/UsrD/Gx3/+ton87378P5hONB85M5iv+3B6cfHiZMRgeuPh9VPr7zM8idr50M6XLP8P7u9+/r/S8f9QRFxdY8wT379+vVeb8R+KM3QtYnZd4//6C/vf/fzvXvHXNv4faY7pB/M15v9gZWtN0KL7CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/RpWI2BmpMr5crlTGxyOGI+K/saNSv7Cw+OypCx+cn83amt//X2l/0+9Iq57a3/8/2lGfeqB+OCL2RMRn1aFmfXzmQn226J0HAAAAAAAAAAAAAAAAAACAx8Rwj/v/M39Ui+4dsOVqRXcAKIz8h/KS/1Be8h/KS/5Decl/KC/5D+Ul/6G85D+UV7Xx9cmi+wAAAAAAAPTNnqdv/poi4urLQ80lM5i3DRTaM2CrHS26A0BhPOIHysulf1Beq53jmwOAJ19apX37hrcEAAAAAAAAAAAAAPrlwF73/0NZVYruAFCY3vf/ezIAPOnc/w/l5RwfcP8/AAAAAAAAAAAAADz+Fi5dPjtdr89d3Ghh2+Y2V1BYa+H33a3/s49Lf9ZfiNSHjHtEhaL/MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG3/BAAA//9r5fVk")
r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
write$binfmt_register(r0, &(0x7f0000000140)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x2007, 0x3a, '\r', 0x3a, '\x84\xa3\xea\xd6O\x89|\xeb\x80\xf0\xe96\xf4`&\xd4E\xe7L\x82n;H\xd8\xdf\x9a, \\E\xd4\xab\x1ed', 0x3a, './file2', 0x3a, [0x46]}, 0x4b)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1258438, &(0x7f0000000f80)=ANY=[], 0xb, 0x0, &(0x7f0000000000))

2.113247514s ago: executing program 4 (id=1149):
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x208c, 0x103)
mknod$loop(&(0x7f0000000140)='./file7\x00', 0x2000, 0x0)

1.791527102s ago: executing program 7 (id=1150):
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r2, @in={{0x2, 0x4e24, @empty}}, 0x27c0}, 0x90)

1.599907608s ago: executing program 4 (id=1151):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x2, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1.310284644s ago: executing program 7 (id=1152):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f00000002c0)={&(0x7f0000000100)="de", 0x1})
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f00000000c0)={&(0x7f0000000000)="92", 0x1, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(r1, 0xc00464be, &(0x7f0000000300)={r2})

982.30841ms ago: executing program 4 (id=1153):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xc, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x8}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

913.476468ms ago: executing program 7 (id=1154):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x44, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x56}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x44}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

520.096432ms ago: executing program 7 (id=1155):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0xf0})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000100)={&(0x7f000055c000/0x4000)=nil, &(0x7f0000339000/0x1000)=nil, 0x4000})

132.59551ms ago: executing program 4 (id=1156):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x5a, &(0x7f0000000200)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0xa, 0x0, 0x40}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}, @NFQA_CFG_QUEUE_MAXLEN={0x0, 0x3, 0x1, 0x0, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40858}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x2, 0x3, 0x3}, 0x14}}, 0x0)

0s ago: executing program 7 (id=1157):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000340)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0x6, 0x0, 0x0, 0x0, 0x28, {[@window={0x9, 0x3}]}}}}}}, 0x3a)

kernel console output (not intermixed with test programs):

0: can't read capabilities
[  284.698079][ T8574] F2FS-fs (loop5): invalid crc value
[  284.991947][ T8582] loop6: detected capacity change from 0 to 40427
[  285.080354][ T8582] F2FS-fs (loop6): build fault injection rate: 771
[  285.107216][ T8582] F2FS-fs (loop6): invalid crc value
[  285.245093][ T8574] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  285.288526][ T8574] F2FS-fs (loop5): Start checkpoint disabled!
[  285.676358][ T8582] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  285.835507][ T8600] loop4: detected capacity change from 0 to 32768
[  286.536973][ T8600] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  286.537028][ T8600]   allowing incompatible features above 0.0: (unknown version)
[  286.537052][ T8600]   features: 
[  286.687592][ T8600] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  286.784893][ T8600] bcachefs (loop4): initializing new filesystem
[  286.844370][ T8600] bcachefs (loop4): going read-write
[  286.860380][ T1205] usb 9-1: USB disconnect, device number 2
[  287.021518][ T8600] bcachefs (loop4): marking superblocks
[  287.068460][  T912] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  287.252076][ T8600] bcachefs (loop4): initializing freespace
[  287.267947][ T8651] loop7: detected capacity change from 0 to 1024
[  287.287831][ T8600] bcachefs (loop4): done initializing freespace
[  287.330970][ T8600] bcachefs (loop4): reading snapshots table
[  287.376746][ T8600] bcachefs (loop4): reading snapshots done
[  287.425106][  T912] usb 4-1: config index 0 descriptor too short (expected 44306, got 18)
[  287.461464][  T912] usb 4-1: config 0 has too many interfaces: 140, using maximum allowed: 32
[  287.481879][ T8651] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  287.545356][  T912] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 140
[  287.615232][  T912] usb 4-1: config 0 has no interface number 0
[  287.627407][ T8600] bcachefs (loop4): done starting filesystem
[  287.632258][  T912] usb 4-1: New USB device found, idVendor=24cf, idProduct=59e4, bcdDevice= 9.22
[  287.673778][  T912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.734471][  T912] usb 4-1: config 0 descriptor??
[  287.772999][ T8663] loop8: detected capacity change from 0 to 256
[  287.798419][  T912] usb-storage 4-1:0.33: USB Mass Storage device detected
[  287.816048][ T8663] exfat: Deprecated parameter 'namecase'
[  287.844910][ T5932] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  287.868242][ T8663] exfat: Deprecated parameter 'utf8'
[  287.899443][ T5866] bcachefs (loop4): shutting down
[  287.906254][ T5866] bcachefs (loop4): going read-only
[  287.926555][ T5866] bcachefs (loop4): finished waiting for writes to stop
[  287.974158][ T8663] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d)
[  288.027035][ T5866] bcachefs (loop4): flushing journal and stopping allocators, journal seq 3
[  288.054842][ T5932] usb 6-1: Using ep0 maxpacket: 16
[  288.063472][ T5932] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  288.077283][  T912] usb 4-1: USB disconnect, device number 8
[  288.091275][ T7778] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.152126][ T5932] usb 6-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  288.174825][ T5932] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.185651][ T5932] usb 6-1: Product: syz
[  288.189838][ T5932] usb 6-1: Manufacturer: syz
[  288.194472][ T5932] usb 6-1: SerialNumber: syz
[  288.299241][ T5932] usb 6-1: config 0 descriptor??
[  288.343385][ T5932] hub 6-1:0.0: bad descriptor, ignoring hub
[  288.372589][ T5932] hub 6-1:0.0: probe with driver hub failed with error -5
[  288.405782][ T5866] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 3
[  288.429716][ T5932] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  288.462382][ T5866] bcachefs (loop4): clean shutdown complete, journal seq 4
[  288.485732][ T5866] bcachefs (loop4): marking filesystem clean
[  288.860428][ T5866] bcachefs (loop4): shutdown complete
[  289.136130][ T8682] binder: 8681:8682 ioctl 40046205 0 returned -22
[  289.521600][ T8688] loop7: detected capacity change from 0 to 4096
[  289.559354][ T8688] EXT4-fs (loop7): Test dummy encryption mode enabled
[  289.583385][ T8688] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  289.600191][ T8688] System zones: 0-5
[  289.636150][ T8688] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.080809][ T8698] loop6: detected capacity change from 0 to 1024
[  290.125262][ T8698] EXT4-fs: Ignoring removed bh option
[  290.251491][ T8698] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.433321][ T7778] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.539004][ T7618] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.545459][ T5932] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  290.684564][ T5844] usb 6-1: USB disconnect, device number 15
[  290.812805][ T5932] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  290.866207][ T5932] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  290.917191][ T8708] loop7: detected capacity change from 0 to 128
[  290.934966][ T5932] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  290.994919][ T5932] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.053330][ T5932] usb 4-1: config 0 descriptor??
[  291.067981][ T5932] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  291.083134][ T5932] dvb-usb: bulk message failed: -22 (3/0)
[  291.128788][ T5932] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  291.154388][ T5932] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  291.219954][ T5932] usb 4-1: media controller created
[  291.253832][ T5932] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  291.289253][ T8712] loop6: detected capacity change from 0 to 4096
[  291.483611][ T5932] dvb-usb: bulk message failed: -22 (6/0)
[  291.519887][ T8713] loop5: detected capacity change from 0 to 4096
[  291.525028][ T5932] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  291.612020][ T5932] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input20
[  291.689607][ T5932] dvb-usb: schedule remote query interval to 150 msecs.
[  291.760365][ T5932] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  291.818404][ T8712] ntfs3(loop6): ino=5, "/" mi_enum_attr
[  291.884905][ T8712] ntfs3(loop6): Mark volume as dirty due to NTFS errors
[  291.916218][ T5932] dvb-usb: bulk message failed: -22 (1/0)
[  291.922080][ T5932] dvb-usb: error while querying for an remote control event.
[  292.154856][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  292.160656][    T9] dvb-usb: error while querying for an remote control event.
[  292.229739][ T8694] loop8: detected capacity change from 0 to 32768
[  292.345827][ T8694] ocfs2: Mounting device (7,8) on (node local, slot 0) with writeback data mode.
[  292.405118][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  292.410926][    T9] dvb-usb: error while querying for an remote control event.
[  292.596196][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  292.602008][    T9] dvb-usb: error while querying for an remote control event.
[  292.720681][   T44] usb 4-1: USB disconnect, device number 9
[  292.838184][ T8734] loop6: detected capacity change from 0 to 256
[  292.905906][ T8734] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  292.978859][   T44] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  292.981730][ T8207] ocfs2: Unmounting device (7,8) on (node local)
[  293.003852][ T8734] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  293.146141][ T8734] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  293.956709][   T44] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  294.138958][ T8760] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  294.174930][   T44] usb 8-1: Using ep0 maxpacket: 16
[  294.194468][   T44] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  294.247084][   T44] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  294.297571][   T44] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  294.361726][   T44] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.414828][ T5939] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  294.453841][   T44] usb 8-1: config 0 descriptor??
[  294.578865][ T5939] usb 9-1: config index 0 descriptor too short (expected 44306, got 18)
[  294.619313][ T5939] usb 9-1: config 0 has too many interfaces: 140, using maximum allowed: 32
[  294.665643][ T5939] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 140
[  294.714812][ T5939] usb 9-1: config 0 has no interface number 0
[  294.731106][ T5939] usb 9-1: New USB device found, idVendor=24cf, idProduct=59e4, bcdDevice= 9.22
[  294.792662][ T5939] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.898400][ T8742] raw-gadget.0 gadget.7: fail, usb_ep_set_halt returned -11
[  294.916260][ T5939] usb 9-1: config 0 descriptor??
[  294.952658][   T44] usbhid 8-1:0.0: can't add hid device: -71
[  294.977001][ T5939] usb-storage 9-1:0.33: USB Mass Storage device detected
[  295.025751][   T44] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  295.072183][   T44] usb 8-1: USB disconnect, device number 4
[  295.126814][ T8781] netlink: 'syz.4.862': attribute type 13 has an invalid length.
[  295.262471][ T8781] netlink: 'syz.4.862': attribute type 17 has an invalid length.
[  295.365124][ T5939] usb 9-1: USB disconnect, device number 3
[  295.746599][ T8781] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  296.202576][ T8794] loop8: detected capacity change from 0 to 1024
[  296.585365][ T3000] hfsplus: b-tree write err: -5, ino 4
[  296.608850][ T8776] loop6: detected capacity change from 0 to 32768
[  296.738214][ T8776] JBD2: Ignoring recovery information on journal
[  297.008693][ T8776] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  297.084130][   T13] (kworker/u8:1,13,1):ocfs2_check_dir_entry:321 ERROR: bad entry in directory #72: rec_len is smaller than minimal - offset=0, inode=72, rec_len=1, name_len=1
[  297.163170][ T5227] udevd[5227]: worker [6106] terminated by signal 33 (Unknown signal 33)
[  297.209651][ T5227] udevd[5227]: worker [6106] failed while handling '/devices/virtual/block/loop6'
[  297.249634][ T8809] loop8: detected capacity change from 0 to 4096
[  297.291021][ T8776] (syz.6.859,8776,1):ocfs2_check_dir_entry:321 ERROR: bad entry in directory #72: rec_len is smaller than minimal - offset=0, inode=72, rec_len=1, name_len=1
[  297.393884][ T8776] (syz.6.859,8776,1):ocfs2_prepare_dir_for_insert:4302 ERROR: status = -2
[  297.432489][ T8809] ntfs3(loop8): ino=b, mi_enum_attr
[  297.443410][ T8776] (syz.6.859,8776,1):__ocfs2_prepare_orphan_dir:2183 ERROR: status = -2
[  297.467167][ T8809] ntfs3(loop8): Mark volume as dirty due to NTFS errors
[  297.484903][ T8776] (syz.6.859,8776,0):ocfs2_prepare_orphan_dir:2227 ERROR: status = -2
[  297.510478][ T8809] ntfs3(loop8): Failed to load $Extend (-22).
[  297.515507][ T8776] (syz.6.859,8776,0):ocfs2_prepare_orphan_dir:2243 ERROR: status = -2
[  297.565002][ T8809] ntfs3(loop8): Failed to initialize $Extend.
[  297.615016][ T8776] (syz.6.859,8776,0):ocfs2_add_inode_to_orphan:2678 ERROR: status = -2
[  297.623341][ T8776] (syz.6.859,8776,0):ocfs2_dio_wr_get_block:2188 ERROR: status = -2
[  297.715394][ T8776] (syz.6.859,8776,0):ocfs2_dio_end_io:2400 ERROR: Direct IO failed, bytes = -2
[  297.717555][ T8809] ntfs3(loop8): ino=1e, "file1" attr_set_size
[  297.750536][ T8791] loop7: detected capacity change from 0 to 32768
[  297.884404][ T8816] loop4: detected capacity change from 0 to 2048
[  297.904883][ T8791] (syz.7.865,8791,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  297.950141][ T8816] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  297.991128][ T8791] (syz.7.865,8791,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  298.099053][ T7618] ocfs2: Unmounting device (7,6) on (node local)
[  298.113122][ T8791] JBD2: Ignoring recovery information on journal
[  298.156910][ T8816] UDF-fs: warning (device loop4): udf_truncate_tail_extent: Too long extent after EOF in inode 1367: i_size: 3200 lbcount: 4096 extent 56+4096
[  298.189209][ T8823] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  298.702570][ T8825] loop8: detected capacity change from 0 to 40427
[  298.710439][ T8825] F2FS-fs: heap/no_heap options were deprecated
[  298.732492][ T8825] F2FS-fs (loop8): build fault injection rate: 19
[  298.739035][ T8825] F2FS-fs (loop8): build fault injection type: 0x3bfe8c
[  298.749619][ T8825] F2FS-fs (loop8): invalid crc value
[  298.764829][ T8791] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  298.805590][ T8825] F2FS-fs (loop8): inject page alloc in f2fs_grab_cache_folio of __f2fs_build_free_nids+0x207/0xfe0
[  298.881742][ T8825] F2FS-fs (loop8): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_get_node_info+0xd42/0x11e0
[  298.898144][ T8825] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  298.923745][ T8825] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  299.037864][ T8825] F2FS-fs (loop8): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_get_node_info+0xd42/0x11e0
[  299.089514][ T8825] F2FS-fs (loop8): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x24d/0xc30
[  299.102070][ T8825] F2FS-fs (loop8): inject checkpoint error in f2fs_balance_fs of f2fs_write_single_data_page+0x10ef/0x1900
[  299.113772][ T8825] syz.8.877: attempt to access beyond end of device
[  299.113772][ T8825] loop8: rw=2049, sector=45096, nr_sectors = 32 limit=40427
[  299.131208][ T8825] CPU: 0 UID: 0 PID: 8825 Comm: syz.8.877 Not tainted syzkaller #0 PREEMPT(full) 
[  299.131269][ T8825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  299.131298][ T8825] Call Trace:
[  299.131314][ T8825]  <TASK>
[  299.131355][ T8825]  dump_stack_lvl+0x16c/0x1f0
[  299.131431][ T8825]  f2fs_handle_critical_error+0x624/0x9f0
[  299.131517][ T8825]  f2fs_balance_fs+0x7fa/0xac0
[  299.131603][ T8825]  ? f2fs_write_single_data_page+0x10ef/0x1900
[  299.131679][ T8825]  ? __pfx_f2fs_balance_fs+0x10/0x10
[  299.131755][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.131811][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.131861][ T8825]  ? do_raw_spin_lock+0x12c/0x2b0
[  299.131907][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.131959][ T8825]  ? find_held_lock+0x2b/0x80
[  299.132014][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.132079][ T8825]  f2fs_write_single_data_page+0x10ef/0x1900
[  299.132167][ T8825]  ? __pfx_f2fs_write_single_data_page+0x10/0x10
[  299.132265][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.132317][ T8825]  ? folio_clear_dirty_for_io+0x112/0x810
[  299.132379][ T8825]  f2fs_write_cache_pages+0xd85/0x2570
[  299.132476][ T8825]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  299.132554][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.132607][ T8825]  ? do_raw_spin_lock+0x12c/0x2b0
[  299.132651][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.132789][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.132837][ T8825]  ? read_node_folio+0x220/0x340
[  299.132880][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.132935][ T8825]  f2fs_write_data_pages+0x4ad/0xd90
[  299.133007][ T8825]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  299.133086][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.133133][ T8825]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  299.133197][ T8825]  do_writepages+0x27a/0x600
[  299.133253][ T8825]  ? __pfx_do_writepages+0x10/0x10
[  299.133301][ T8825]  ? do_raw_spin_unlock+0x172/0x230
[  299.133344][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.133391][ T8825]  ? _raw_spin_unlock+0x28/0x50
[  299.133442][ T8825]  filemap_fdatawrite_wbc+0x104/0x160
[  299.133493][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.133544][ T8825]  __filemap_fdatawrite_range+0xb9/0x100
[  299.133615][ T8825]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  299.133740][ T8825]  ? __pfx_truncate_nodes+0x10/0x10
[  299.133781][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.133828][ T8825]  ? __get_node_folio.part.0+0x50a/0x16f0
[  299.133886][ T8825]  file_write_and_wait_range+0xca/0x140
[  299.133957][ T8825]  f2fs_do_sync_file+0x2c6/0x1c50
[  299.134022][ T8825]  ? __pfx_f2fs_do_sync_file+0x10/0x10
[  299.134070][ T8825]  ? __pfx_f2fs_truncate_inode_blocks+0x10/0x10
[  299.134173][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.134219][ T8825]  ? do_raw_spin_unlock+0x172/0x230
[  299.134262][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.134309][ T8825]  ? _raw_spin_unlock+0x28/0x50
[  299.134352][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.134398][ T8825]  ? f2fs_inode_dirtied+0x12e/0x4f0
[  299.134440][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.134487][ T8825]  ? find_held_lock+0x2b/0x80
[  299.134541][ T8825]  f2fs_sync_file+0x13a/0x1a0
[  299.134605][ T8825]  ? __pfx_f2fs_sync_file+0x10/0x10
[  299.134653][ T8825]  vfs_fsync_range+0x139/0x220
[  299.134699][ T8825]  f2fs_file_write_iter+0x12de/0x25c0
[  299.134781][ T8825]  ? __pfx_f2fs_file_write_iter+0x10/0x10
[  299.134846][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.134891][ T8825]  ? __lock_acquire+0xb97/0x1ce0
[  299.134959][ T8825]  do_iter_readv_writev+0x662/0x9e0
[  299.135021][ T8825]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  299.135078][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.135137][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.135194][ T8825]  vfs_writev+0x35f/0xde0
[  299.135262][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.135306][ T8825]  ? __lock_acquire+0x62e/0x1ce0
[  299.135371][ T8825]  ? __pfx_vfs_writev+0x10/0x10
[  299.135425][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.135481][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.135549][ T8825]  ? __fget_files+0x20e/0x3c0
[  299.135608][ T8825]  ? do_pwritev+0x1a6/0x270
[  299.135656][ T8825]  do_pwritev+0x1a6/0x270
[  299.135712][ T8825]  ? __pfx_do_pwritev+0x10/0x10
[  299.135770][ T8825]  ? srso_alias_return_thunk+0x5/0xfbef5
[  299.135814][ T8825]  ? xfd_validate_state+0x61/0x180
[  299.135886][ T8825]  __x64_sys_pwritev2+0xef/0x160
[  299.135930][ T8825]  do_syscall_64+0xcd/0x4c0
[  299.135989][ T8825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.136028][ T8825] RIP: 0033:0x7faf50b8ebe9
[  299.136059][ T8825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  299.136097][ T8825] RSP: 002b:00007faf51a74038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[  299.136131][ T8825] RAX: ffffffffffffffda RBX: 00007faf50db5fa0 RCX: 00007faf50b8ebe9
[  299.136157][ T8825] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000004
[  299.136180][ T8825] RBP: 00007faf50c11e19 R08: 0000000000000000 R09: 0000000000000000
[  299.136204][ T8825] R10: 0000000000000e7b R11: 0000000000000246 R12: 0000000000000000
[  299.136230][ T8825] R13: 00007faf50db6038 R14: 00007faf50db5fa0 R15: 00007fff6dd50038
[  299.136281][ T8825]  </TASK>
[  299.650868][ T8825] F2FS-fs (loop8): Stopped filesystem due to reason: 1
[  299.812377][ T7778] ocfs2: Unmounting device (7,7) on (node local)
[  300.054022][ T8820] loop3: detected capacity change from 0 to 32768
[  300.202530][ T8820] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  300.299659][ T8844] netlink: 348 bytes leftover after parsing attributes in process `syz.4.883'.
[  300.495026][   T44] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  300.646201][ T5863] ocfs2: Unmounting device (7,3) on (node local)
[  300.695225][   T44] usb 8-1: Using ep0 maxpacket: 16
[  300.703206][   T44] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  300.807991][   T44] usb 8-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  300.850843][   T44] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.892846][   T44] usb 8-1: Product: syz
[  300.913163][   T44] usb 8-1: Manufacturer: syz
[  300.934957][   T44] usb 8-1: SerialNumber: syz
[  301.004300][   T44] usb 8-1: config 0 descriptor??
[  301.041969][   T44] hub 8-1:0.0: bad descriptor, ignoring hub
[  301.068347][   T44] hub 8-1:0.0: probe with driver hub failed with error -5
[  301.103623][   T44] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  301.184320][ T8857] loop4: detected capacity change from 0 to 256
[  301.261234][ T8857] exfat: Deprecated parameter 'namecase'
[  301.372447][ T8857] exfat: Deprecated parameter 'utf8'
[  301.468568][ T8857] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d)
[  301.594145][    T9] usb 8-1: USB disconnect, device number 5
[  301.801004][ T8868] loop3: detected capacity change from 0 to 2048
[  301.861516][ T8868] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  304.102497][ T8898] loop5: detected capacity change from 0 to 2048
[  304.220816][ T8898] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  304.316273][ T8898] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[  304.522356][ T8898] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  304.858362][ T8877] loop6: detected capacity change from 0 to 32768
[  304.951767][ T8877] (syz.6.897,8877,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  305.070668][ T8877] (syz.6.897,8877,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  305.132207][ T8886] loop7: detected capacity change from 0 to 262144
[  305.144100][ T8886] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.900 (8886)
[  305.183740][ T8886] BTRFS info (device loop7): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  305.194639][ T8886] BTRFS info (device loop7): using xxhash64 (xxhash64-generic) checksum algorithm
[  305.275511][ T8877] workqueue: Failed to create a rescuer kthread for wq "ocfs2_wq": -EINTR
[  305.283464][ T8877] (syz.6.897,8877,0):ocfs2_initialize_super:2229 ERROR: status = -12
[  305.323724][ T8877] (syz.6.897,8877,1):ocfs2_fill_super:1177 ERROR: status = -12
[  305.449027][ T8886] BTRFS info (device loop7): enabling ssd optimizations
[  305.456110][ T8886] BTRFS info (device loop7): enabling free space tree
[  305.463633][ T8886] BTRFS info (device loop7): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  305.557742][ T8919] loop5: detected capacity change from 0 to 256
[  305.822974][ T8891] loop4: detected capacity change from 0 to 32768
[  306.166718][ T8891] JBD2: journal reset failed
[  306.171393][ T8891] (syz.4.902,8891,1):ocfs2_journal_load:1167 ERROR: Failed to load journal!
[  306.234870][ T8891] (syz.4.902,8891,0):ocfs2_check_volume:2376 ERROR: ocfs2 journal load failed! -4
[  307.195627][  T912] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  307.271189][   T44] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  307.447675][  T912] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  307.484817][  T912] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  307.534893][  T912] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  307.544198][   T44] usb 6-1: Using ep0 maxpacket: 16
[  307.566746][   T44] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  307.587766][  T912] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.646128][   T44] usb 6-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  307.667229][  T912] usb 7-1: config 0 descriptor??
[  307.687662][   T44] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.696978][  T912] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  307.708978][  T912] dvb-usb: bulk message failed: -22 (3/0)
[  307.731956][   T44] usb 6-1: config 0 descriptor??
[  307.776614][  T912] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  307.807110][   T44] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input21
[  307.876863][  T912] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  307.912488][  T912] usb 7-1: media controller created
[  307.946286][  T912] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  308.041637][  T912] dvb-usb: bulk message failed: -22 (6/0)
[  308.094270][  T912] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  308.116902][ T8956] loop3: detected capacity change from 0 to 1024
[  308.164817][  T912] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input22
[  308.186543][ T8956] EXT4-fs: Ignoring removed nomblk_io_submit option
[  308.256768][ T5212] bcm5974 6-1:0.0: could not read from device
[  308.264813][   T44] usb 6-1: USB disconnect, device number 16
[  308.293431][  T912] dvb-usb: schedule remote query interval to 150 msecs.
[  308.339262][  T912] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  308.506087][  T912] dvb-usb: bulk message failed: -22 (1/0)
[  308.516119][ T8956] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  308.532770][  T912] dvb-usb: error while querying for an remote control event.
[  308.733878][ T8963] loop4: detected capacity change from 0 to 1024
[  308.740390][  T912] dvb-usb: bulk message failed: -22 (1/0)
[  308.761286][ T8963] EXT4-fs: Ignoring removed bh option
[  308.768935][  T912] dvb-usb: error while querying for an remote control event.
[  308.890303][ T8963] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  308.985545][  T912] dvb-usb: bulk message failed: -22 (1/0)
[  309.034953][  T912] dvb-usb: error while querying for an remote control event.
[  309.083471][ T5863] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.171735][ T5866] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.225277][  T912] dvb-usb: bulk message failed: -22 (1/0)
[  309.231074][  T912] dvb-usb: error while querying for an remote control event.
[  309.294685][  T912] usb 7-1: USB disconnect, device number 3
[  309.345122][   T44] page_pool_release_retry() stalled pool shutdown: id 37, 1 inflight 60 sec
[  309.459112][  T912] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  310.705488][ T8986] loop8: detected capacity change from 0 to 4096
[  310.784845][ T8986] EXT4-fs (loop8): Test dummy encryption mode enabled
[  310.862373][ T8986] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  310.935469][ T8986] System zones: 0-5
[  310.957666][ T8988] loop6: detected capacity change from 0 to 1024
[  310.999342][ T8986] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  311.092289][ T8979] loop4: detected capacity change from 0 to 32768
[  311.308719][ T8979] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  311.436410][ T8973] loop7: detected capacity change from 0 to 32768
[  311.502472][   T30] audit: type=1800 audit(1755883537.944:292): pid=8979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.924" name="file1" dev="loop4" ino=9553 res=0 errno=0
[  311.555802][ T8973] debugfs: '0700000000000000B33B244AAB9EB3E9' already exists in 'ocfs2'
[  311.582277][ T8974] loop5: detected capacity change from 0 to 32768
[  311.762735][ T8973] ocfs2: Mounting device (7,7) on (node local, slot 0) with writeback data mode.
[  311.792546][ T8974] read_mapping_page failed!
[  311.814075][   T13] hfsplus: b-tree write err: -5, ino 3
[  311.872174][ T8974] bread failed!
[  311.917827][   T30] audit: type=1800 audit(1755883538.364:293): pid=8973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.926" name="file1" dev="loop7" ino=9553 res=0 errno=0
[  312.217761][ T8207] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.328555][ T9002] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  312.337362][ T7778] ocfs2: Unmounting device (7,7) on (node local)
[  312.350085][ T5866] ocfs2: Unmounting device (7,4) on (node local)
[  313.274968][    T9] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  313.509232][    T9] usb 7-1: Using ep0 maxpacket: 32
[  313.519241][    T9] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  313.548752][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  313.628213][    T9] usb 7-1: config 0 descriptor??
[  313.864355][ T9022] netlink: 64 bytes leftover after parsing attributes in process `syz.5.943'.
[  313.921070][    T9] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  313.940568][ T9023] netlink: 'syz.3.942': attribute type 21 has an invalid length.
[  313.979604][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  314.040722][    T9] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  314.090178][    T9] usb 7-1: media controller created
[  314.231241][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  314.394953][    T9] az6027: usb out operation failed. (-71)
[  314.414896][ T1205] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  314.443318][    T9] az6027: usb out operation failed. (-71)
[  314.469098][    T9] stb0899_attach: Driver disabled by Kconfig
[  314.487547][    T9] az6027: no front-end attached
[  314.487547][    T9] 
[  314.505622][    T9] az6027: usb out operation failed. (-71)
[  314.514871][    T9] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  314.543512][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input23
[  314.594874][ T1205] usb 5-1: Using ep0 maxpacket: 16
[  314.609955][    T9] dvb-usb: schedule remote query interval to 400 msecs.
[  314.647587][ T1205] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  314.677862][    T9] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  314.735017][ T1205] usb 5-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  314.768399][    T9] usb 7-1: USB disconnect, device number 4
[  314.776988][ T1205] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.826880][ T1205] usb 5-1: Product: syz
[  314.853133][ T1205] usb 5-1: Manufacturer: syz
[  314.864217][ T1205] usb 5-1: SerialNumber: syz
[  314.902979][ T1205] usb 5-1: config 0 descriptor??
[  314.927908][ T1205] hub 5-1:0.0: bad descriptor, ignoring hub
[  314.970909][ T1205] hub 5-1:0.0: probe with driver hub failed with error -5
[  314.997153][ T9033] loop6: detected capacity change from 0 to 128
[  315.027606][ T1205] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  315.138547][    T9] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  315.169440][ T9033] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  315.379400][ T9019] loop7: detected capacity change from 0 to 32768
[  315.383818][ T1205] usb 5-1: USB disconnect, device number 8
[  315.621379][ T6217] udevd[6217]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  315.694148][ T9019] ocfs2: Mounting device (7,7) on (node local, slot 0) with writeback data mode.
[  315.841769][   T30] audit: type=1800 audit(1755883542.284:294): pid=9019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.951" name="file1" dev="loop7" ino=9553 res=0 errno=0
[  316.212949][ T9047] loop4: detected capacity change from 0 to 128
[  316.267052][ T9047] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  316.385677][   T44] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  316.388579][ T9047] ext4 filesystem being mounted at /187/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  316.511318][ T9051] loop8: detected capacity change from 0 to 512
[  316.594688][   T44] usb 7-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c
[  316.598019][ T7778] ocfs2: Unmounting device (7,7) on (node local)
[  316.612935][   T44] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.643577][ T9028] loop5: detected capacity change from 0 to 40427
[  316.676798][ T9051] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  316.696281][ T9028] F2FS-fs (loop5): Invalid log blocks per segment (4278190089)
[  316.703923][   T44] usb 7-1: Product: syz
[  316.754811][   T44] usb 7-1: Manufacturer: syz
[  316.760658][   T44] usb 7-1: SerialNumber: syz
[  316.761047][ T9028] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  316.773066][   T44] usb 7-1: config 0 descriptor??
[  316.778672][ T9051] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  316.873803][   T30] audit: type=1800 audit(1755883543.314:295): pid=9051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.953" name="file1" dev="loop8" ino=15 res=0 errno=0
[  316.922110][ T9028] F2FS-fs (loop5): invalid crc value
[  316.929994][ T9051] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  316.971921][   T30] audit: type=1800 audit(1755883543.354:296): pid=9051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.953" name="file2" dev="loop8" ino=16 res=0 errno=0
[  317.080513][ T5866] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  317.246039][ T8207] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  317.282630][ T9037] loop3: detected capacity change from 0 to 32768
[  317.389887][ T9037] JBD2: Ignoring recovery information on journal
[  317.413486][ T9028] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  317.458090][   T44] asix 7-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  317.659140][   T44] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  317.675518][ T9037] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  317.746043][   T44] asix 7-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  317.768810][ T2965] (kworker/u8:6,2965,0):ocfs2_check_dir_entry:321 ERROR: bad entry in directory #72: rec_len is smaller than minimal - offset=0, inode=72, rec_len=1, name_len=1
[  317.805433][   T44] asix 7-1:0.0: probe with driver asix failed with error -71
[  317.870844][   T44] usb 7-1: USB disconnect, device number 5
[  317.983163][ T9037] (syz.3.949,9037,0):ocfs2_check_dir_entry:321 ERROR: bad entry in directory #72: rec_len is smaller than minimal - offset=0, inode=72, rec_len=1, name_len=1
[  318.028331][ T9037] (syz.3.949,9037,0):ocfs2_prepare_dir_for_insert:4302 ERROR: status = -2
[  318.094955][ T9037] (syz.3.949,9037,0):__ocfs2_prepare_orphan_dir:2183 ERROR: status = -2
[  318.135078][ T9037] (syz.3.949,9037,0):ocfs2_prepare_orphan_dir:2227 ERROR: status = -2
[  318.177046][ T9037] (syz.3.949,9037,0):ocfs2_prepare_orphan_dir:2243 ERROR: status = -2
[  318.240649][ T9037] (syz.3.949,9037,0):ocfs2_add_inode_to_orphan:2678 ERROR: status = -2
[  318.315798][ T9037] (syz.3.949,9037,0):ocfs2_dio_wr_get_block:2188 ERROR: status = -2
[  318.360780][ T9037] (syz.3.949,9037,0):ocfs2_dio_end_io:2400 ERROR: Direct IO failed, bytes = -2
[  318.654182][ T5863] ocfs2: Unmounting device (7,3) on (node local)
[  318.968835][ T9061] loop4: detected capacity change from 0 to 32768
[  318.999649][ T9061] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.955 (9061)
[  319.152855][ T9061] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  319.181369][ T9061] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  319.780432][ T9097] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input24
[  319.953035][ T9061] BTRFS info (device loop4): rebuilding free space tree
[  319.954921][ T5932] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  320.118951][ T9061] BTRFS info (device loop4): allowing degraded mounts
[  320.145662][ T5932] usb 9-1: Using ep0 maxpacket: 32
[  320.170113][ T9061] BTRFS info (device loop4): enabling ssd optimizations
[  320.179050][ T5932] usb 9-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  320.205457][ T9061] BTRFS info (device loop4): enabling free space tree
[  320.214387][ T9061] BTRFS info (device loop4): force clearing of disk cache
[  320.219271][ T5932] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.244822][ T9061] BTRFS info (device loop4): use zstd compression, level 3
[  320.252057][ T9061] BTRFS info (device loop4): max_inline set to 0
[  320.296235][ T5932] usb 9-1: config 0 descriptor??
[  320.549544][ T5932] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  320.605113][ T5866] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  320.622946][ T5932] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  320.657940][ T5932] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  320.681594][ T5932] usb 9-1: media controller created
[  320.800430][ T5932] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  320.910664][ T5932] az6027: usb out operation failed. (-71)
[  320.939967][ T5932] az6027: usb out operation failed. (-71)
[  320.959296][ T5932] stb0899_attach: Driver disabled by Kconfig
[  320.979337][ T5932] az6027: no front-end attached
[  320.979337][ T5932] 
[  321.014946][ T5932] az6027: usb out operation failed. (-71)
[  321.051396][ T5932] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  321.084303][ T5932] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.8/usb9/9-1/input/input25
[  321.175311][ T5932] dvb-usb: schedule remote query interval to 400 msecs.
[  321.201678][ T5932] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  321.265843][ T5932] usb 9-1: USB disconnect, device number 4
[  321.415022][   T44] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  321.559383][ T5932] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  321.645860][   T44] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  321.685198][   T44] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  321.743373][   T44] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  321.785382][   T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.860220][ T9122] loop8: detected capacity change from 0 to 256
[  321.886659][ T9122] exfat: Deprecated parameter 'utf8'
[  321.995192][ T9122] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d)
[  322.095369][   T44] usb 5-1: usb_control_msg returned -32
[  322.124819][   T44] usbtmc 5-1:16.0: can't read capabilities
[  322.184530][ T9112] loop6: detected capacity change from 0 to 32768
[  322.329056][ T9112] ocfs2: Mounting device (7,6) on (node local, slot 0) with writeback data mode.
[  322.343706][ T9109] loop5: detected capacity change from 0 to 40427
[  322.406018][   T30] audit: type=1800 audit(1755883548.854:297): pid=9112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.966" name="file1" dev="loop6" ino=9553 res=0 errno=0
[  322.426469][ T9109] F2FS-fs (loop5): invalid crc value
[  322.604108][ T9120] loop7: detected capacity change from 0 to 32768
[  322.650613][ T9120] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  322.840562][ T9109] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  322.893094][ T9120] XFS (loop7): Ending clean mount
[  322.922540][ T9109] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  323.108891][ T7618] ocfs2: Unmounting device (7,6) on (node local)
[  323.396591][ T5862] syz-executor: attempt to access beyond end of device
[  323.396591][ T5862] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  323.442168][ T5862] CPU: 1 UID: 0 PID: 5862 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  323.442216][ T5862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  323.442240][ T5862] Call Trace:
[  323.442252][ T5862]  <TASK>
[  323.442266][ T5862]  dump_stack_lvl+0x16c/0x1f0
[  323.442326][ T5862]  f2fs_handle_critical_error+0x624/0x9f0
[  323.442389][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.442436][ T5862]  ? f2fs_build_fault_attr+0x53/0x1f0
[  323.442491][ T5862]  f2fs_write_end_io+0x958/0xcf0
[  323.442552][ T5862]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  323.442618][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.442678][ T5862]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  323.442730][ T5862]  bio_endio+0x6bf/0x800
[  323.442797][ T5862]  submit_bio_noacct+0x306/0x1ed0
[  323.442855][ T5862]  __submit_merged_bio+0x33c/0x770
[  323.442917][ T5862]  __submit_merged_write_cond+0x319/0x3f0
[  323.442989][ T5862]  f2fs_write_cache_pages+0x2067/0x2570
[  323.443086][ T5862]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  323.443156][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.443202][ T5862]  ? __lock_acquire+0x62e/0x1ce0
[  323.443274][ T5862]  ? __pfx_stack_trace_save+0x10/0x10
[  323.443356][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.443427][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.443522][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.443584][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.443642][ T5862]  f2fs_write_data_pages+0x4ad/0xd90
[  323.443714][ T5862]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  323.443774][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.443834][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.443887][ T5862]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  323.443954][ T5862]  do_writepages+0x27a/0x600
[  323.444014][ T5862]  ? __pfx_do_writepages+0x10/0x10
[  323.444062][ T5862]  ? do_raw_spin_unlock+0x172/0x230
[  323.444106][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.444152][ T5862]  ? _raw_spin_unlock+0x28/0x50
[  323.444205][ T5862]  filemap_fdatawrite_wbc+0x104/0x160
[  323.444262][ T5862]  __filemap_fdatawrite_range+0xb9/0x100
[  323.444329][ T5862]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  323.444463][ T5862]  ? find_held_lock+0x2b/0x80
[  323.444513][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.444560][ T5862]  ? do_raw_spin_unlock+0x172/0x230
[  323.444608][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.444662][ T5862]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  323.444754][ T5862]  block_operations+0x2b0/0xfe0
[  323.444826][ T5862]  ? __pfx___schedule+0x10/0x10
[  323.444879][ T5862]  ? __pfx_block_operations+0x10/0x10
[  323.445011][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.445058][ T5862]  ? down_write+0x14d/0x200
[  323.445117][ T5862]  ? __pfx_down_write+0x10/0x10
[  323.445178][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.445224][ T5862]  ? rcu_is_watching+0x12/0xc0
[  323.445283][ T5862]  f2fs_write_checkpoint+0x2b8/0x4c60
[  323.445330][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.445377][ T5862]  ? kfree+0x2b4/0x4d0
[  323.445425][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.445476][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.445520][ T5862]  ? rcu_is_watching+0x12/0xc0
[  323.445567][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.445620][ T5862]  ? kthread_stop+0x273/0x630
[  323.445664][ T5862]  kill_f2fs_super+0x3c2/0x470
[  323.445704][ T5862]  ? __pfx_kill_f2fs_super+0x10/0x10
[  323.445739][ T5862]  ? lockdep_hardirqs_on+0x7c/0x110
[  323.445815][ T5862]  deactivate_locked_super+0xc1/0x1a0
[  323.445877][ T5862]  deactivate_super+0xde/0x100
[  323.445938][ T5862]  cleanup_mnt+0x225/0x450
[  323.446005][ T5862]  task_work_run+0x150/0x240
[  323.446051][ T5862]  ? __pfx_task_work_run+0x10/0x10
[  323.446091][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  323.446141][ T5862]  ? __pfx___x64_sys_umount+0x10/0x10
[  323.446192][ T5862]  exit_to_user_mode_loop+0xeb/0x110
[  323.446237][ T5862]  do_syscall_64+0x3f6/0x4c0
[  323.446291][ T5862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.446329][ T5862] RIP: 0033:0x7fef0c38ff17
[  323.446360][ T5862] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  323.446399][ T5862] RSP: 002b:00007ffee0aead38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  323.446432][ T5862] RAX: 0000000000000000 RBX: 00007fef0c411c05 RCX: 00007fef0c38ff17
[  323.446454][ T5862] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee0aeadf0
[  323.446474][ T5862] RBP: 00007ffee0aeadf0 R08: 0000000000000000 R09: 0000000000000000
[  323.446497][ T5862] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffee0aebe80
[  323.446521][ T5862] R13: 00007fef0c411c05 R14: 000000000004ee8b R15: 00007ffee0aebec0
[  323.446579][ T5862]  </TASK>
[  323.447913][ T7778] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  323.480324][ T5862] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  324.215152][   T44] usb 5-1: USB disconnect, device number 9
[  324.226087][ T1205] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[  324.407027][ T1205] usb 7-1: config 9 has an invalid interface number: 19 but max is 0
[  324.424941][ T1205] usb 7-1: config 9 has no interface number 0
[  324.431068][ T1205] usb 7-1: config 9 interface 19 altsetting 0 endpoint 0x7 has invalid maxpacket 1023, setting to 64
[  324.494811][ T1205] usb 7-1: config 9 interface 19 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  324.525915][ T1205] usb 7-1: New USB device found, idVendor=093a, idProduct=2623, bcdDevice=16.3f
[  324.563317][ T9131] loop8: detected capacity change from 0 to 40427
[  324.570054][ T1205] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.597820][ T1205] usb 7-1: Product: syz
[  324.602015][ T1205] usb 7-1: Manufacturer: syz
[  324.624210][ T1205] usb 7-1: SerialNumber: syz
[  324.636760][ T9131] F2FS-fs (loop8): Invalid log blocks per segment (4278190089)
[  324.644344][ T9131] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  324.690644][ T1205] gspca_main: gspca_pac7302-2.14.0 probing 093a:2623
[  324.737191][ T9131] F2FS-fs (loop8): invalid crc value
[  325.314863][ T9131] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  325.373947][ T9131] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  325.382328][ T9131] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  325.501181][ T1205] input: gspca_pac7302 as /devices/platform/dummy_hcd.6/usb7/7-1/input/input26
[  325.581903][ T5876] Bluetooth: hci5: link tx timeout
[  325.588715][ T5876] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  325.750830][ T1205] usb 7-1: USB disconnect, device number 6
[  325.998173][ T9170] netlink: 8 bytes leftover after parsing attributes in process `syz.5.983'.
[  326.039668][ T9170] netlink: 12 bytes leftover after parsing attributes in process `syz.5.983'.
[  326.871532][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  326.877973][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  327.518409][ T9173] loop4: detected capacity change from 0 to 40427
[  327.551700][ T9173] F2FS-fs (loop4): invalid crc value
[  327.665070][ T5869] Bluetooth: hci5: command 0x0406 tx timeout
[  327.792820][ T9173] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  327.809416][ T9173] F2FS-fs (loop4): Start checkpoint disabled!
[  327.830413][ T9173] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  327.962147][   T30] audit: type=1800 audit(1755883554.404:298): pid=9173 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.984" name="file1" dev="loop4" ino=10 res=0 errno=0
[  328.079861][   T30] audit: type=1800 audit(1755883554.524:299): pid=9192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.984" name="file1" dev="loop4" ino=10 res=0 errno=0
[  328.103376][ T9192] syz.4.984: attempt to access beyond end of device
[  328.103376][ T9192] loop4: rw=2049, sector=77824, nr_sectors = 704 limit=40427
[  328.163360][ T9173] syz.4.984: attempt to access beyond end of device
[  328.163360][ T9173] loop4: rw=2049, sector=78528, nr_sectors = 96 limit=40427
[  328.305864][ T9192] syz.4.984: attempt to access beyond end of device
[  328.305864][ T9192] loop4: rw=2049, sector=78624, nr_sectors = 800 limit=40427
[  328.494704][ T9194] loop7: detected capacity change from 0 to 4096
[  328.657524][   T12] kworker/u8:0: attempt to access beyond end of device
[  328.657524][   T12] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  328.748047][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) 
[  328.748099][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  328.748126][   T12] Workqueue: writeback wb_workfn (flush-7:4)
[  328.748194][   T12] Call Trace:
[  328.748206][   T12]  <TASK>
[  328.748221][   T12]  dump_stack_lvl+0x16c/0x1f0
[  328.748280][   T12]  f2fs_handle_critical_error+0x624/0x9f0
[  328.748338][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.748388][   T12]  ? f2fs_build_fault_attr+0x53/0x1f0
[  328.748444][   T12]  f2fs_write_end_io+0x958/0xcf0
[  328.748507][   T12]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  328.748577][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.748638][   T12]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  328.748692][   T12]  bio_endio+0x6bf/0x800
[  328.748758][   T12]  submit_bio_noacct+0x306/0x1ed0
[  328.748817][   T12]  __submit_merged_bio+0x33c/0x770
[  328.748880][   T12]  __submit_merged_write_cond+0x319/0x3f0
[  328.748951][   T12]  f2fs_write_cache_pages+0x2067/0x2570
[  328.749053][   T12]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  328.749123][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.749170][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.749217][   T12]  ? find_held_lock+0x2b/0x80
[  328.749269][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.749321][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.749368][   T12]  ? do_raw_spin_unlock+0x172/0x230
[  328.749432][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.749478][   T12]  ? f2fs_available_free_memory+0x279/0xa30
[  328.749621][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.749680][   T12]  f2fs_write_data_pages+0x4ad/0xd90
[  328.749755][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  328.749833][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.749879][   T12]  ? __lock_acquire+0xb97/0x1ce0
[  328.749948][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  328.750015][   T12]  do_writepages+0x27a/0x600
[  328.750079][   T12]  ? __pfx_do_writepages+0x10/0x10
[  328.750127][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.750173][   T12]  ? reacquire_held_locks+0xcd/0x1f0
[  328.750235][   T12]  ? writeback_sb_inodes+0x3b0/0xfa0
[  328.750298][   T12]  __writeback_single_inode+0x160/0xfb0
[  328.750358][   T12]  ? __pfx___writeback_single_inode+0x10/0x10
[  328.750410][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.750457][   T12]  ? do_raw_spin_unlock+0x172/0x230
[  328.750501][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.750562][   T12]  writeback_sb_inodes+0x60d/0xfa0
[  328.750643][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  328.750694][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.750740][   T12]  ? find_held_lock+0x2b/0x80
[  328.750872][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.750921][   T12]  ? rcu_is_watching+0x12/0xc0
[  328.750971][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.751018][   T12]  ? queue_io+0x3f6/0x520
[  328.751072][   T12]  wb_writeback+0x419/0xb70
[  328.751140][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  328.751190][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.751254][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.751301][   T12]  ? mark_held_locks+0x49/0x80
[  328.751406][   T12]  wb_workfn+0x14d/0xbe0
[  328.751468][   T12]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  328.751523][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  328.751594][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.751652][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.751707][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.751755][   T12]  ? rcu_is_watching+0x12/0xc0
[  328.751815][   T12]  process_one_work+0x9cf/0x1b70
[  328.751888][   T12]  ? __pfx_process_one_work+0x10/0x10
[  328.751933][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.751996][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.752045][   T12]  ? assign_work+0x1a0/0x250
[  328.752096][   T12]  worker_thread+0x6c8/0xf10
[  328.752169][   T12]  ? __pfx_worker_thread+0x10/0x10
[  328.752215][   T12]  kthread+0x3c5/0x780
[  328.752257][   T12]  ? __pfx_kthread+0x10/0x10
[  328.752300][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  328.752349][   T12]  ? rcu_is_watching+0x12/0xc0
[  328.752400][   T12]  ? __pfx_kthread+0x10/0x10
[  328.752444][   T12]  ret_from_fork+0x5d7/0x6f0
[  328.752481][   T12]  ? __pfx_kthread+0x10/0x10
[  328.752522][   T12]  ret_from_fork_asm+0x1a/0x30
[  328.752610][   T12]  </TASK>
[  329.210102][   T12] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  329.241552][ T9182] loop8: detected capacity change from 0 to 40427
[  329.320907][ T9185] loop6: detected capacity change from 0 to 32768
[  329.421511][ T9182] F2FS-fs (loop8): invalid crc value
[  329.585015][   T44] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  329.645759][ T9194] ntfs3(loop7): failed to convert "0000" to iso8859-6
[  329.682204][ T9185] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  329.707398][ T9194] ntfs3(loop7): failed to convert "0030" to iso8859-6
[  329.738405][ T9209] ntfs3(loop7): failed to convert "0000" to iso8859-6
[  329.745633][   T44] usb 4-1: Using ep0 maxpacket: 16
[  329.753182][ T9194] ntfs3(loop7): failed to convert name for inode 1e.
[  329.755424][   T44] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  329.787991][ T9194] ntfs3(loop7): failed to convert "0032" to iso8859-6
[  329.804865][ T5932] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  329.815023][   T44] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  329.827162][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.844137][   T44] usb 4-1: config 0 descriptor??
[  329.858624][   T44] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input27
[  329.918458][ T9209] ntfs3(loop7): failed to convert "0030" to iso8859-6
[  329.965916][ T9194] ntfs3(loop7): ino=1f, mi_enum_attr
[  330.006283][ T9194] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  330.065779][ T5932] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  330.091748][ T9185] XFS (loop6): Ending clean mount
[  330.104581][ T5932] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  330.133157][ T9182] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  330.144411][ T5932] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  330.148916][ T5212] bcm5974 4-1:0.0: could not read from device
[  330.195597][ T5932] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  330.234148][ T9185] XFS (loop6): Quotacheck needed: Please wait.
[  330.244809][ T5932] usb 6-1: SerialNumber: syz
[  330.269786][ T9199] bcm5974 4-1:0.0: could not read from device
[  330.322329][ T5212] bcm5974 4-1:0.0: could not read from device
[  330.357461][   T44] usb 4-1: USB disconnect, device number 10
[  330.549326][ T5932] usb 6-1: 0:2 : does not exist
[  330.579168][ T9185] XFS (loop6): Quotacheck: Done.
[  330.593989][ T5932] usb 6-1: 5:0: failed to get current value for ch 1 (-22)
[  330.641638][ T5932] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  330.699851][ T5932] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[  330.750264][ T7618] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  330.800666][ T5932] usb 6-1: USB disconnect, device number 17
[  331.052175][ T6085] udevd[6085]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  332.132487][ T9217] loop7: detected capacity change from 0 to 32768
[  332.204519][ T9217] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.994 (9217)
[  332.316135][ T9217] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  332.375463][ T9217] BTRFS info (device loop7): using sha256 (sha256-lib) checksum algorithm
[  332.674977][ T5932] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  332.695102][ T9217] BTRFS info (device loop7): enabling ssd optimizations
[  332.702089][ T9217] BTRFS info (device loop7): enabling free space tree
[  332.779319][ T9227] loop6: detected capacity change from 0 to 32768
[  332.892019][ T5932] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  332.947770][ T5932] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.975195][ T7778] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  333.013869][ T9227] ocfs2: Mounting device (7,6) on (node local, slot 0) with writeback data mode.
[  333.055399][ T5932] usb 4-1: config 0 descriptor??
[  333.095111][ T9261] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  333.144450][   T30] audit: type=1800 audit(1755883559.584:300): pid=9227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1009" name="file1" dev="loop6" ino=9553 res=0 errno=0
[  333.198321][ T5932] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  333.267198][   T30] audit: type=1326 audit(1755883559.694:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9262 comm="syz.4.1004" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb8ab8ebe9 code=0x0
[  333.292565][ T9261] vimc vimc.0: first entity in the pipe 'Scaler' is not a source
[  333.394135][ T5932] gp8psk: usb in 128 operation failed.
[  333.632589][ T5932] gp8psk: usb in 146 operation failed.
[  333.664937][ T5932] gp8psk: failed to get FW version
[  333.693132][ T5932] gp8psk: FPGA Version = 196
[  333.867432][ T7618] ocfs2: Unmounting device (7,6) on (node local)
[  333.910774][ T5932] gp8psk: usb in 138 operation failed.
[  333.928511][ T5932] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  333.949162][ T5932] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  333.994206][ T5932] usb 4-1: USB disconnect, device number 11
[  334.375436][ T5961] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  334.466093][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  334.585362][ T5961] usb 6-1: Using ep0 maxpacket: 32
[  334.644569][ T5961] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  334.654706][ T5961] usb 6-1: config 0 has no interface number 0
[  334.660916][    T9] usb 5-1: Using ep0 maxpacket: 32
[  334.668117][ T5961] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  334.680951][ T5961] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.705057][    T9] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  334.705074][ T5961] usb 6-1: Product: syz
[  334.705107][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.739526][ T5961] usb 6-1: Manufacturer: syz
[  334.760307][    T9] usb 5-1: config 0 descriptor??
[  334.764828][ T5961] usb 6-1: SerialNumber: syz
[  334.806793][ T5961] usb 6-1: config 0 descriptor??
[  334.845123][ T5961] smsc95xx v2.0.0
[  335.000934][    T9] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  335.030164][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  335.083229][    T9] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  335.114351][    T9] usb 5-1: media controller created
[  335.178645][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  335.325041][    T9] az6027: usb out operation failed. (-71)
[  335.347180][    T9] az6027: usb out operation failed. (-71)
[  335.365584][    T9] stb0899_attach: Driver disabled by Kconfig
[  335.371598][    T9] az6027: no front-end attached
[  335.371598][    T9] 
[  335.415072][    T9] az6027: usb out operation failed. (-71)
[  335.443664][    T9] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  335.471508][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input28
[  335.527247][ T9274] loop7: detected capacity change from 0 to 40427
[  335.558065][    T9] dvb-usb: schedule remote query interval to 400 msecs.
[  335.605259][ T9274] F2FS-fs (loop7): build fault injection rate: 771
[  335.610880][    T9] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  335.651741][    T9] usb 5-1: USB disconnect, device number 10
[  335.665887][ T9274] F2FS-fs (loop7): invalid crc value
[  335.679658][ T5961] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  335.882850][ T5961] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  335.945794][ T5961] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[  335.963301][    T9] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  336.025338][ T5961] usb 6-1: USB disconnect, device number 18
[  336.053578][ T9274] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  336.154899][ T9274] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  336.429149][ T9292] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  336.742408][ T9295] loop6: detected capacity change from 0 to 2048
[  336.846862][ T7778] syz-executor: attempt to access beyond end of device
[  336.846862][ T7778] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  337.048610][ T7778] CPU: 0 UID: 0 PID: 7778 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  337.048661][ T7778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  337.048684][ T7778] Call Trace:
[  337.048696][ T7778]  <TASK>
[  337.048710][ T7778]  dump_stack_lvl+0x16c/0x1f0
[  337.048771][ T7778]  f2fs_handle_critical_error+0x624/0x9f0
[  337.048837][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.048885][ T7778]  ? f2fs_build_fault_attr+0x53/0x1f0
[  337.048940][ T7778]  f2fs_write_end_io+0x958/0xcf0
[  337.049000][ T7778]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  337.049061][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.049122][ T7778]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  337.049177][ T7778]  bio_endio+0x6bf/0x800
[  337.049242][ T7778]  submit_bio_noacct+0x306/0x1ed0
[  337.049302][ T7778]  __submit_merged_bio+0x33c/0x770
[  337.049354][ T7778]  __submit_merged_write_cond+0x319/0x3f0
[  337.049412][ T7778]  f2fs_write_cache_pages+0x2067/0x2570
[  337.049497][ T7778]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  337.049567][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.049613][ T7778]  ? __lock_acquire+0x62e/0x1ce0
[  337.049691][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.049740][ T7778]  ? __lock_acquire+0x62e/0x1ce0
[  337.049856][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.049903][ T7778]  ? __lock_acquire+0x62e/0x1ce0
[  337.050030][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.050085][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.050140][ T7778]  f2fs_write_data_pages+0x4ad/0xd90
[  337.050215][ T7778]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  337.050277][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.050338][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.050392][ T7778]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  337.050461][ T7778]  do_writepages+0x27a/0x600
[  337.050522][ T7778]  ? __pfx_do_writepages+0x10/0x10
[  337.050571][ T7778]  ? do_raw_spin_unlock+0x172/0x230
[  337.050615][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.050663][ T7778]  ? _raw_spin_unlock+0x28/0x50
[  337.050715][ T7778]  filemap_fdatawrite_wbc+0x104/0x160
[  337.050773][ T7778]  __filemap_fdatawrite_range+0xb9/0x100
[  337.050842][ T7778]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  337.050966][ T7778]  ? find_held_lock+0x2b/0x80
[  337.051015][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.051061][ T7778]  ? do_raw_spin_unlock+0x172/0x230
[  337.051103][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.051156][ T7778]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  337.051242][ T7778]  block_operations+0x2b0/0xfe0
[  337.051303][ T7778]  ? __pfx_stack_trace_save+0x10/0x10
[  337.051388][ T7778]  ? __lock_acquire+0xb97/0x1ce0
[  337.051451][ T7778]  ? __pfx_block_operations+0x10/0x10
[  337.051514][ T7778]  ? kasan_save_stack+0x42/0x60
[  337.051627][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.051672][ T7778]  ? down_write+0x14d/0x200
[  337.051729][ T7778]  ? __pfx_down_write+0x10/0x10
[  337.051789][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.051841][ T7778]  ? rcu_is_watching+0x12/0xc0
[  337.051897][ T7778]  f2fs_write_checkpoint+0x2b8/0x4c60
[  337.051941][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.051987][ T7778]  ? kfree+0x2b4/0x4d0
[  337.052032][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.052077][ T7778]  ? lockdep_hardirqs_on+0x7c/0x110
[  337.052125][ T7778]  ? f2fs_stop_gc_thread+0x79/0xd0
[  337.052168][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.052225][ T7778]  kill_f2fs_super+0x3c2/0x470
[  337.052263][ T7778]  ? __pfx_kill_f2fs_super+0x10/0x10
[  337.052298][ T7778]  ? lockdep_hardirqs_on+0x7c/0x110
[  337.052368][ T7778]  deactivate_locked_super+0xc1/0x1a0
[  337.052428][ T7778]  deactivate_super+0xde/0x100
[  337.052487][ T7778]  cleanup_mnt+0x225/0x450
[  337.052550][ T7778]  task_work_run+0x150/0x240
[  337.052594][ T7778]  ? __pfx_task_work_run+0x10/0x10
[  337.052633][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  337.052682][ T7778]  ? __pfx___x64_sys_umount+0x10/0x10
[  337.052730][ T7778]  exit_to_user_mode_loop+0xeb/0x110
[  337.052773][ T7778]  do_syscall_64+0x3f6/0x4c0
[  337.052836][ T7778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.052873][ T7778] RIP: 0033:0x7fd7bff8ff17
[  337.052903][ T7778] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  337.052939][ T7778] RSP: 002b:00007fff21cbb008 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  337.052974][ T7778] RAX: 0000000000000000 RBX: 00007fd7c0011c05 RCX: 00007fd7bff8ff17
[  337.052999][ T7778] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff21cbb0c0
[  337.053022][ T7778] RBP: 00007fff21cbb0c0 R08: 0000000000000000 R09: 0000000000000000
[  337.053046][ T7778] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff21cbc150
[  337.053071][ T7778] R13: 00007fd7c0011c05 R14: 00000000000522b8 R15: 00007fff21cbc190
[  337.053121][ T7778]  </TASK>
[  337.706337][ T7778] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  338.577543][   T30] audit: type=1326 audit(1755883565.014:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9307 comm="syz.5.1020" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fef0c38ebe9 code=0x0
[  338.713358][ T9311] loop4: detected capacity change from 0 to 2048
[  338.848206][ T9311] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  338.909341][ T9311] ext4 filesystem being mounted at /201/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  339.192219][ T5866] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  339.358669][ T9323] loop6: detected capacity change from 0 to 128
[  339.758548][ T9327] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  339.781891][ T9327] vimc vimc.0: first entity in the pipe 'Scaler' is not a source
[  339.935051][ T5961] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  340.125521][ T5961] usb 6-1: Using ep0 maxpacket: 32
[  340.149392][ T5961] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  340.174881][ T5961] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.251506][ T5961] usb 6-1: config 0 descriptor??
[  340.505096][ T5961] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  340.530044][ T9317] loop3: detected capacity change from 0 to 40427
[  340.567201][ T5961] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  340.582666][ T9317] F2FS-fs (loop3): invalid crc value
[  340.594656][ T5961] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  340.607370][ T5961] usb 6-1: media controller created
[  340.729394][ T5961] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  340.804498][ T5961] az6027: usb out operation failed. (-71)
[  340.832472][ T5961] az6027: usb out operation failed. (-71)
[  340.845201][ T5961] stb0899_attach: Driver disabled by Kconfig
[  340.851195][ T5961] az6027: no front-end attached
[  340.851195][ T5961] 
[  340.893594][ T9335] loop6: detected capacity change from 0 to 32768
[  340.901212][ T5961] az6027: usb out operation failed. (-71)
[  340.916988][ T9317] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  340.926252][ T5961] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  340.947838][ T5961] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input29
[  340.980879][ T9317] F2FS-fs (loop3): Start checkpoint disabled!
[  341.009984][ T5961] dvb-usb: schedule remote query interval to 400 msecs.
[  341.010167][ T9317] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  341.031047][ T5961] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  341.061020][ T5961] usb 6-1: USB disconnect, device number 19
[  341.100570][ T9335] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  341.274870][   T30] audit: type=1800 audit(1755883567.704:303): pid=9317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1022" name="file1" dev="loop3" ino=10 res=0 errno=0
[  341.308295][ T5961] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  341.351949][ T9317] syz.3.1022: attempt to access beyond end of device
[  341.351949][ T9317] loop3: rw=2049, sector=77824, nr_sectors = 800 limit=40427
[  341.404926][   T30] audit: type=1800 audit(1755883567.784:304): pid=9343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1022" name="file1" dev="loop3" ino=10 res=0 errno=0
[  341.490402][ T9343] syz.3.1022: attempt to access beyond end of device
[  341.490402][ T9343] loop3: rw=2049, sector=78624, nr_sectors = 800 limit=40427
[  341.632029][ T7618] ocfs2: Unmounting device (7,6) on (node local)
[  341.869052][   T59] kworker/u8:4: attempt to access beyond end of device
[  341.869052][   T59] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  341.912501][   T59] CPU: 0 UID: 0 PID: 59 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT(full) 
[  341.912548][   T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  341.912574][   T59] Workqueue: writeback wb_workfn (flush-7:3)
[  341.912642][   T59] Call Trace:
[  341.912654][   T59]  <TASK>
[  341.912669][   T59]  dump_stack_lvl+0x16c/0x1f0
[  341.912726][   T59]  f2fs_handle_critical_error+0x624/0x9f0
[  341.912783][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.912839][   T59]  ? f2fs_build_fault_attr+0x53/0x1f0
[  341.912895][   T59]  f2fs_write_end_io+0x958/0xcf0
[  341.912958][   T59]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  341.913021][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.913079][   T59]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  341.913132][   T59]  bio_endio+0x6bf/0x800
[  341.913197][   T59]  submit_bio_noacct+0x306/0x1ed0
[  341.913257][   T59]  __submit_merged_bio+0x33c/0x770
[  341.913320][   T59]  __submit_merged_write_cond+0x319/0x3f0
[  341.913392][   T59]  f2fs_write_cache_pages+0x2067/0x2570
[  341.913493][   T59]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  341.913564][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.913611][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.913658][   T59]  ? find_held_lock+0x2b/0x80
[  341.913710][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.913763][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.913811][   T59]  ? do_raw_spin_unlock+0x172/0x230
[  341.913880][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.913927][   T59]  ? f2fs_available_free_memory+0x279/0xa30
[  341.914059][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.914107][   T59]  ? lock_acquire+0x179/0x350
[  341.914171][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.914229][   T59]  f2fs_write_data_pages+0x4ad/0xd90
[  341.914304][   T59]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  341.914383][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.914430][   T59]  ? __lock_acquire+0xb97/0x1ce0
[  341.914495][   T59]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  341.914563][   T59]  do_writepages+0x27a/0x600
[  341.914624][   T59]  ? __pfx_do_writepages+0x10/0x10
[  341.914674][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.914724][   T59]  ? reacquire_held_locks+0xcd/0x1f0
[  341.914786][   T59]  ? writeback_sb_inodes+0x3b0/0xfa0
[  341.914853][   T59]  __writeback_single_inode+0x160/0xfb0
[  341.914910][   T59]  ? __pfx___writeback_single_inode+0x10/0x10
[  341.914962][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.915007][   T59]  ? do_raw_spin_unlock+0x172/0x230
[  341.915052][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.915107][   T59]  writeback_sb_inodes+0x60d/0xfa0
[  341.915190][   T59]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  341.915245][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.915291][   T59]  ? do_raw_spin_lock+0x12c/0x2b0
[  341.915410][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.915457][   T59]  ? rcu_is_watching+0x12/0xc0
[  341.915505][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.915552][   T59]  ? queue_io+0x3f6/0x520
[  341.915605][   T59]  wb_writeback+0x419/0xb70
[  341.915671][   T59]  ? __pfx_wb_writeback+0x10/0x10
[  341.915719][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.915783][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.915840][   T59]  ? mark_held_locks+0x49/0x80
[  341.915911][   T59]  wb_workfn+0x14d/0xbe0
[  341.915972][   T59]  ? try_to_wake_up+0x160/0x1870
[  341.916022][   T59]  ? __pfx_wb_workfn+0x10/0x10
[  341.916081][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.916134][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.916188][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.916236][   T59]  ? rcu_is_watching+0x12/0xc0
[  341.916296][   T59]  process_one_work+0x9cf/0x1b70
[  341.916360][   T59]  ? __pfx_batadv_nc_worker+0x10/0x10
[  341.916411][   T59]  ? __pfx_process_one_work+0x10/0x10
[  341.916455][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.916518][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.916565][   T59]  ? assign_work+0x1a0/0x250
[  341.916610][   T59]  worker_thread+0x6c8/0xf10
[  341.916684][   T59]  ? __pfx_worker_thread+0x10/0x10
[  341.916728][   T59]  kthread+0x3c5/0x780
[  341.916770][   T59]  ? __pfx_kthread+0x10/0x10
[  341.916813][   T59]  ? srso_alias_return_thunk+0x5/0xfbef5
[  341.916867][   T59]  ? rcu_is_watching+0x12/0xc0
[  341.916916][   T59]  ? __pfx_kthread+0x10/0x10
[  341.916959][   T59]  ret_from_fork+0x5d7/0x6f0
[  341.916995][   T59]  ? __pfx_kthread+0x10/0x10
[  341.917037][   T59]  ret_from_fork_asm+0x1a/0x30
[  341.917118][   T59]  </TASK>
[  342.651483][   T59] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  343.466203][ T9355] loop5: detected capacity change from 0 to 40427
[  343.491308][ T9355] F2FS-fs (loop5): build fault injection rate: 771
[  343.578829][ T9355] F2FS-fs (loop5): invalid crc value
[  343.918927][ T9355] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  343.982986][ T9355] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  344.370959][ T5862] syz-executor: attempt to access beyond end of device
[  344.370959][ T5862] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  344.423447][ T5862] CPU: 0 UID: 0 PID: 5862 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  344.423500][ T5862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  344.423523][ T5862] Call Trace:
[  344.423535][ T5862]  <TASK>
[  344.423548][ T5862]  dump_stack_lvl+0x16c/0x1f0
[  344.423608][ T5862]  f2fs_handle_critical_error+0x624/0x9f0
[  344.423662][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.423709][ T5862]  ? f2fs_build_fault_attr+0x53/0x1f0
[  344.423760][ T5862]  f2fs_write_end_io+0x958/0xcf0
[  344.423826][ T5862]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  344.423885][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.423943][ T5862]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  344.423995][ T5862]  bio_endio+0x6bf/0x800
[  344.424057][ T5862]  submit_bio_noacct+0x306/0x1ed0
[  344.424113][ T5862]  __submit_merged_bio+0x33c/0x770
[  344.424173][ T5862]  __submit_merged_write_cond+0x319/0x3f0
[  344.424240][ T5862]  f2fs_write_cache_pages+0x2067/0x2570
[  344.424331][ T5862]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  344.424401][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.424447][ T5862]  ? __lock_acquire+0x62e/0x1ce0
[  344.424519][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.424565][ T5862]  ? __lock_acquire+0x62e/0x1ce0
[  344.424667][ T5862]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  344.424780][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.424841][ T5862]  f2fs_write_data_pages+0x4ad/0xd90
[  344.424912][ T5862]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  344.424972][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.425030][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.425083][ T5862]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  344.425148][ T5862]  do_writepages+0x27a/0x600
[  344.425206][ T5862]  ? __pfx_do_writepages+0x10/0x10
[  344.425253][ T5862]  ? do_raw_spin_unlock+0x172/0x230
[  344.425297][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.425343][ T5862]  ? _raw_spin_unlock+0x28/0x50
[  344.425395][ T5862]  filemap_fdatawrite_wbc+0x104/0x160
[  344.425451][ T5862]  __filemap_fdatawrite_range+0xb9/0x100
[  344.425517][ T5862]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  344.425638][ T5862]  ? find_held_lock+0x2b/0x80
[  344.425689][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.425737][ T5862]  ? do_raw_spin_unlock+0x172/0x230
[  344.425780][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.425841][ T5862]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  344.425928][ T5862]  block_operations+0x2b0/0xfe0
[  344.425991][ T5862]  ? __pfx_stack_trace_save+0x10/0x10
[  344.426050][ T5862]  ? __lock_acquire+0xb97/0x1ce0
[  344.426115][ T5862]  ? __pfx_block_operations+0x10/0x10
[  344.426178][ T5862]  ? kasan_save_stack+0x42/0x60
[  344.426291][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.426338][ T5862]  ? down_write+0x14d/0x200
[  344.426397][ T5862]  ? __pfx_down_write+0x10/0x10
[  344.426458][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.426504][ T5862]  ? rcu_is_watching+0x12/0xc0
[  344.426560][ T5862]  f2fs_write_checkpoint+0x2b8/0x4c60
[  344.426604][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.426650][ T5862]  ? kfree+0x2b4/0x4d0
[  344.426697][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.426742][ T5862]  ? lockdep_hardirqs_on+0x7c/0x110
[  344.426791][ T5862]  ? f2fs_stop_gc_thread+0x79/0xd0
[  344.426838][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.426896][ T5862]  kill_f2fs_super+0x3c2/0x470
[  344.426934][ T5862]  ? __pfx_kill_f2fs_super+0x10/0x10
[  344.426970][ T5862]  ? lockdep_hardirqs_on+0x7c/0x110
[  344.427041][ T5862]  deactivate_locked_super+0xc1/0x1a0
[  344.427101][ T5862]  deactivate_super+0xde/0x100
[  344.427161][ T5862]  cleanup_mnt+0x225/0x450
[  344.427226][ T5862]  task_work_run+0x150/0x240
[  344.427271][ T5862]  ? __pfx_task_work_run+0x10/0x10
[  344.427311][ T5862]  ? srso_alias_return_thunk+0x5/0xfbef5
[  344.427361][ T5862]  ? __pfx___x64_sys_umount+0x10/0x10
[  344.427409][ T5862]  exit_to_user_mode_loop+0xeb/0x110
[  344.427453][ T5862]  do_syscall_64+0x3f6/0x4c0
[  344.427512][ T5862]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.427551][ T5862] RIP: 0033:0x7fef0c38ff17
[  344.427580][ T5862] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  344.427619][ T5862] RSP: 002b:00007ffee0aead38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  344.427655][ T5862] RAX: 0000000000000000 RBX: 00007fef0c411c05 RCX: 00007fef0c38ff17
[  344.427680][ T5862] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee0aeadf0
[  344.427705][ T5862] RBP: 00007ffee0aeadf0 R08: 0000000000000000 R09: 0000000000000000
[  344.427729][ T5862] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffee0aebe80
[  344.427753][ T5862] R13: 00007fef0c411c05 R14: 00000000000540b4 R15: 00007ffee0aebec0
[  344.427804][ T5862]  </TASK>
[  344.889952][ T5862] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  345.047542][ T9365] loop6: detected capacity change from 0 to 32768
[  345.240326][ T9365] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  345.423912][ T7618] ocfs2: Unmounting device (7,6) on (node local)
[  345.654836][ T9380] 9pnet: p9_errstr2errno: server reported unknown error �@c���^��7
[  345.925147][ T5966] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  346.088538][ T5966] usb 6-1: Using ep0 maxpacket: 32
[  346.108364][ T5966] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  346.116722][ T5966] usb 6-1: config 0 has no interface number 0
[  346.127866][ T5966] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  346.137215][ T5966] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.145742][ T5966] usb 6-1: Product: syz
[  346.150063][ T5966] usb 6-1: Manufacturer: syz
[  346.154697][ T5966] usb 6-1: SerialNumber: syz
[  346.186061][ T5966] usb 6-1: config 0 descriptor??
[  346.191418][ T9353] bond0: entered promiscuous mode
[  346.204286][ T5966] smsc95xx v2.0.0
[  346.207973][ T9353] bond_slave_0: entered promiscuous mode
[  346.208299][ T9353] bond_slave_1: entered promiscuous mode
[  346.230158][ T9353] batadv0: entered promiscuous mode
[  346.264499][ T9353] 8021q: adding VLAN 0 to HW filter on device hsr1
[  346.480584][ T9389] loop8: detected capacity change from 0 to 128
[  346.561683][ T9389] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  346.603274][ T9389] ext4 filesystem being mounted at /44/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  346.764882][ T5932] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  346.863666][ T8207] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  346.945490][ T5932] usb 8-1: Using ep0 maxpacket: 32
[  346.955030][ T5932] usb 8-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  346.984419][ T5932] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  347.034829][ T5932] usb 8-1: config 0 descriptor??
[  347.249205][ T5966] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000034: -71
[  347.286086][ T5932] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  347.294795][ T5966] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_DATA
[  347.342493][ T5932] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  347.372236][ T5966] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  347.384154][ T5932] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  347.392292][ T5966] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[  347.400879][ T5932] usb 8-1: media controller created
[  347.434269][ T5932] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  347.491060][ T5966] usb 6-1: USB disconnect, device number 20
[  347.585321][ T5961] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  347.605977][ T5932] az6027: usb out operation failed. (-71)
[  347.634919][ T5932] az6027: usb out operation failed. (-71)
[  347.654408][ T5932] stb0899_attach: Driver disabled by Kconfig
[  347.674630][ T5932] az6027: no front-end attached
[  347.674630][ T5932] 
[  347.711227][ T5932] az6027: usb out operation failed. (-71)
[  347.724248][ T5932] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  347.768042][ T5932] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.7/usb8/8-1/input/input30
[  347.799106][ T5961] usb 7-1: config 0 interface 0 altsetting 255 endpoint 0x81 has invalid wMaxPacketSize 0
[  347.836740][ T5961] usb 7-1: config 0 interface 0 has no altsetting 0
[  347.861145][ T5961] usb 7-1: New USB device found, idVendor=0c70, idProduct=f003, bcdDevice= 0.00
[  347.874405][ T5932] dvb-usb: schedule remote query interval to 400 msecs.
[  347.882046][ T5961] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  347.930265][ T5932] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  347.941172][ T5961] usb 7-1: config 0 descriptor??
[  347.983211][ T5932] usb 8-1: USB disconnect, device number 6
[  348.249506][ T5932] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  348.360489][ T9395] loop3: detected capacity change from 0 to 32768
[  348.440733][ T5961] aquacomputer_d5next 0003:0C70:F003.000E: hidraw0: USB HID v0.00 Device [HID 0c70:f003] on usb-dummy_hcd.6-1/input0
[  348.609227][ T9395] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  348.725358][ T5961] usb 7-1: USB disconnect, device number 7
[  348.807444][   T30] audit: type=1800 audit(1755883575.254:305): pid=9395 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1050" name="file1" dev="loop3" ino=9553 res=0 errno=0
[  348.863532][ T9397] loop4: detected capacity change from 0 to 40427
[  348.938938][ T9397] F2FS-fs (loop4): build fault injection rate: 771
[  349.049209][ T9411] fido_id[9411]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  349.109456][ T9397] F2FS-fs (loop4): invalid crc value
[  349.424825][ T5869] Bluetooth: hci2: command 0x0406 tx timeout
[  349.609989][ T9397] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  349.639521][ T9422] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  349.665030][ T9422] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  349.695115][ T9397] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  349.717944][ T5863] ocfs2: Unmounting device (7,3) on (node local)
[  349.995556][ T5866] syz-executor: attempt to access beyond end of device
[  349.995556][ T5866] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  350.031416][ T5866] CPU: 1 UID: 0 PID: 5866 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  350.031464][ T5866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  350.031487][ T5866] Call Trace:
[  350.031499][ T5866]  <TASK>
[  350.031513][ T5866]  dump_stack_lvl+0x16c/0x1f0
[  350.031572][ T5866]  f2fs_handle_critical_error+0x624/0x9f0
[  350.031628][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.031673][ T5866]  ? f2fs_build_fault_attr+0x53/0x1f0
[  350.031727][ T5866]  f2fs_write_end_io+0x958/0xcf0
[  350.031791][ T5866]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  350.031851][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.031908][ T5866]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  350.031959][ T5866]  bio_endio+0x6bf/0x800
[  350.032022][ T5866]  submit_bio_noacct+0x306/0x1ed0
[  350.032080][ T5866]  __submit_merged_bio+0x33c/0x770
[  350.032141][ T5866]  __submit_merged_write_cond+0x319/0x3f0
[  350.032208][ T5866]  f2fs_write_cache_pages+0x2067/0x2570
[  350.032304][ T5866]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  350.032378][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.032423][ T5866]  ? __lock_acquire+0x62e/0x1ce0
[  350.032498][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.032543][ T5866]  ? __lock_acquire+0x62e/0x1ce0
[  350.032701][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.032764][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.032819][ T5866]  f2fs_write_data_pages+0x4ad/0xd90
[  350.032896][ T5866]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  350.032955][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.033017][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.033071][ T5866]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  350.033139][ T5866]  do_writepages+0x27a/0x600
[  350.033198][ T5866]  ? __pfx_do_writepages+0x10/0x10
[  350.033247][ T5866]  ? do_raw_spin_unlock+0x172/0x230
[  350.033291][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.033339][ T5866]  ? _raw_spin_unlock+0x28/0x50
[  350.033393][ T5866]  filemap_fdatawrite_wbc+0x104/0x160
[  350.033451][ T5866]  __filemap_fdatawrite_range+0xb9/0x100
[  350.033517][ T5866]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  350.033657][ T5866]  ? find_held_lock+0x2b/0x80
[  350.033709][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.033763][ T5866]  ? do_raw_spin_unlock+0x172/0x230
[  350.033808][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.033865][ T5866]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  350.033960][ T5866]  block_operations+0x2b0/0xfe0
[  350.034023][ T5866]  ? __pfx_stack_trace_save+0x10/0x10
[  350.034084][ T5866]  ? __lock_acquire+0xb97/0x1ce0
[  350.034151][ T5866]  ? __pfx_block_operations+0x10/0x10
[  350.034217][ T5866]  ? kasan_save_stack+0x42/0x60
[  350.034347][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.034395][ T5866]  ? down_write+0x14d/0x200
[  350.034456][ T5866]  ? __pfx_down_write+0x10/0x10
[  350.034518][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.034565][ T5866]  ? rcu_is_watching+0x12/0xc0
[  350.034624][ T5866]  f2fs_write_checkpoint+0x2b8/0x4c60
[  350.034673][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.034720][ T5866]  ? kfree+0x2b4/0x4d0
[  350.034771][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.034819][ T5866]  ? lockdep_hardirqs_on+0x7c/0x110
[  350.034869][ T5866]  ? f2fs_stop_gc_thread+0x79/0xd0
[  350.034911][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.034970][ T5866]  kill_f2fs_super+0x3c2/0x470
[  350.035009][ T5866]  ? __pfx_kill_f2fs_super+0x10/0x10
[  350.035045][ T5866]  ? lockdep_hardirqs_on+0x7c/0x110
[  350.035122][ T5866]  deactivate_locked_super+0xc1/0x1a0
[  350.035183][ T5866]  deactivate_super+0xde/0x100
[  350.035244][ T5866]  cleanup_mnt+0x225/0x450
[  350.035310][ T5866]  task_work_run+0x150/0x240
[  350.035357][ T5866]  ? __pfx_task_work_run+0x10/0x10
[  350.035397][ T5866]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.035446][ T5866]  ? __pfx___x64_sys_umount+0x10/0x10
[  350.035497][ T5866]  exit_to_user_mode_loop+0xeb/0x110
[  350.035544][ T5866]  do_syscall_64+0x3f6/0x4c0
[  350.035606][ T5866]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.035646][ T5866] RIP: 0033:0x7fcb8ab8ff17
[  350.035677][ T5866] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  350.035717][ T5866] RSP: 002b:00007ffe503e2f28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  350.035759][ T5866] RAX: 0000000000000000 RBX: 00007fcb8ac11c05 RCX: 00007fcb8ab8ff17
[  350.035785][ T5866] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe503e2fe0
[  350.035810][ T5866] RBP: 00007ffe503e2fe0 R08: 0000000000000000 R09: 0000000000000000
[  350.035836][ T5866] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe503e4070
[  350.035861][ T5866] R13: 00007fcb8ac11c05 R14: 0000000000055625 R15: 00007ffe503e40b0
[  350.035921][ T5866]  </TASK>
[  350.494596][ T9422] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  350.690880][ T9422] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  350.761950][ T5866] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  350.831505][ T9422] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  350.884331][ T9422] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  351.113036][ T9440] loop8: detected capacity change from 0 to 128
[  351.117126][ T9422] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  351.154387][ T9422] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  351.221327][ T9440] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1067'.
[  351.243358][ T9422] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  351.271429][ T9422] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  351.345797][ T9422] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  351.377457][ T9422] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  351.409140][ T9422] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  351.664995][ T5876] Bluetooth: hci1: command 0x0406 tx timeout
[  351.875782][   T44] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  352.084923][   T44] usb 4-1: Using ep0 maxpacket: 32
[  352.103551][   T44] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  352.122186][   T44] usb 4-1: config 0 has no interface number 0
[  352.141524][   T44] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  352.172577][   T44] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  352.181931][ T5844] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  352.224703][   T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.244288][   T44] usb 4-1: Product: syz
[  352.261913][   T44] usb 4-1: Manufacturer: syz
[  352.277007][   T44] usb 4-1: SerialNumber: syz
[  352.304031][   T44] usb 4-1: config 0 descriptor??
[  352.355184][   T44] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  352.366576][ T9459] loop7: detected capacity change from 0 to 40427
[  352.381303][ T5844] usb 6-1: Using ep0 maxpacket: 32
[  352.412423][   T44] em28xx 4-1:0.132: Video interface 132 found:
[  352.443050][ T5844] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  352.501048][ T5844] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  352.549752][ T9459] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  352.561702][ T9459] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  352.561943][ T5844] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  352.651816][ T5844] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  352.673985][ T5844] usb 6-1: config 0 descriptor??
[  352.742712][ T5844] hub 6-1:0.0: USB hub found
[  352.785495][ T5876] Bluetooth: hci0: command 0x0406 tx timeout
[  352.821099][   T44] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[  352.865676][ T5876] Bluetooth: hci4: command 0x0406 tx timeout
[  352.984230][ T5844] hub 6-1:0.0: config failed, can't read hub descriptor (err -90)
[  353.002437][ T7778] syz-executor: attempt to access beyond end of device
[  353.002437][ T7778] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  353.035291][ T7778] CPU: 0 UID: 0 PID: 7778 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  353.035339][ T7778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  353.035361][ T7778] Call Trace:
[  353.035374][ T7778]  <TASK>
[  353.035387][ T7778]  dump_stack_lvl+0x16c/0x1f0
[  353.035447][ T7778]  f2fs_handle_critical_error+0x624/0x9f0
[  353.035501][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.035548][ T7778]  ? f2fs_build_fault_attr+0x53/0x1f0
[  353.035600][ T7778]  f2fs_write_end_io+0x958/0xcf0
[  353.035658][ T7778]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  353.035718][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.035775][ T7778]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  353.035833][ T7778]  bio_endio+0x6bf/0x800
[  353.035899][ T7778]  submit_bio_noacct+0x306/0x1ed0
[  353.035958][ T7778]  __submit_merged_bio+0x33c/0x770
[  353.036023][ T7778]  __submit_merged_write_cond+0x319/0x3f0
[  353.036101][ T7778]  f2fs_write_cache_pages+0x2067/0x2570
[  353.036211][ T7778]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  353.036286][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.036337][ T7778]  ? __lock_acquire+0x62e/0x1ce0
[  353.036422][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.036475][ T7778]  ? __lock_acquire+0x62e/0x1ce0
[  353.036640][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.036697][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.036753][ T7778]  f2fs_write_data_pages+0x4ad/0xd90
[  353.036832][ T7778]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  353.036896][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.036958][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.037015][ T7778]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  353.037084][ T7778]  do_writepages+0x27a/0x600
[  353.037145][ T7778]  ? __pfx_do_writepages+0x10/0x10
[  353.037194][ T7778]  ? do_raw_spin_unlock+0x172/0x230
[  353.037239][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.037287][ T7778]  ? _raw_spin_unlock+0x28/0x50
[  353.037342][ T7778]  filemap_fdatawrite_wbc+0x104/0x160
[  353.037399][ T7778]  __filemap_fdatawrite_range+0xb9/0x100
[  353.037468][ T7778]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  353.037536][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.037644][ T7778]  ? find_held_lock+0x2b/0x80
[  353.037696][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.037746][ T7778]  ? do_raw_spin_unlock+0x172/0x230
[  353.037791][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.037968][ T7778]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  353.038064][ T7778]  block_operations+0x2b0/0xfe0
[  353.038136][ T7778]  ? __pfx___schedule+0x10/0x10
[  353.038188][ T7778]  ? __pfx_block_operations+0x10/0x10
[  353.038310][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.038354][ T7778]  ? down_write+0x14d/0x200
[  353.038413][ T7778]  ? __pfx_down_write+0x10/0x10
[  353.038476][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.038521][ T7778]  ? rcu_is_watching+0x12/0xc0
[  353.038581][ T7778]  f2fs_write_checkpoint+0x2b8/0x4c60
[  353.038627][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.038674][ T7778]  ? kfree+0x2b4/0x4d0
[  353.038729][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.038777][ T7778]  ? rcu_is_watching+0x12/0xc0
[  353.038823][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.038893][ T7778]  ? kthread_stop+0x273/0x630
[  353.038940][ T7778]  kill_f2fs_super+0x3c2/0x470
[  353.038986][ T7778]  ? __pfx_kill_f2fs_super+0x10/0x10
[  353.039027][ T7778]  ? lockdep_hardirqs_on+0x7c/0x110
[  353.039112][ T7778]  deactivate_locked_super+0xc1/0x1a0
[  353.039185][ T7778]  deactivate_super+0xde/0x100
[  353.039256][ T7778]  cleanup_mnt+0x225/0x450
[  353.039333][ T7778]  task_work_run+0x150/0x240
[  353.039387][ T7778]  ? __pfx_task_work_run+0x10/0x10
[  353.039434][ T7778]  ? srso_alias_return_thunk+0x5/0xfbef5
[  353.039494][ T7778]  ? __pfx___x64_sys_umount+0x10/0x10
[  353.039549][ T7778]  exit_to_user_mode_loop+0xeb/0x110
[  353.039596][ T7778]  do_syscall_64+0x3f6/0x4c0
[  353.039657][ T7778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.039704][ T7778] RIP: 0033:0x7fd7bff8ff17
[  353.039737][ T7778] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  353.039782][ T7778] RSP: 002b:00007fff21cbb008 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  353.039822][ T7778] RAX: 0000000000000000 RBX: 00007fd7c0011c05 RCX: 00007fd7bff8ff17
[  353.039857][ T7778] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff21cbb0c0
[  353.039882][ T7778] RBP: 00007fff21cbb0c0 R08: 0000000000000000 R09: 0000000000000000
[  353.039907][ T7778] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff21cbc150
[  353.039934][ T7778] R13: 00007fd7c0011c05 R14: 00000000000561fc R15: 00007fff21cbc190
[  353.039988][ T7778]  </TASK>
[  353.496357][    C0] vkms_vblank_simulate: vblank timer overrun
[  353.552172][ T7778] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  353.567278][ T5876] Bluetooth: hci2: command 0x0406 tx timeout
[  353.573349][ T5876] Bluetooth: hci3: command 0x0c1a tx timeout
[  353.579461][ T5876] Bluetooth: hci5: command 0x0406 tx timeout
[  353.754557][ T5869] Bluetooth: hci1: command 0x0406 tx timeout
[  353.850559][   T44] em28xx 4-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5)
[  353.903563][ T5844] usbhid 6-1:0.0: can't add hid device: -71
[  353.930997][ T5844] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  353.949627][   T44] em28xx 4-1:0.132: board has no eeprom
[  354.085308][   T44] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  354.093312][   T44] em28xx 4-1:0.132: analog set to bulk mode.
[  354.105084][ T5844] usb 6-1: USB disconnect, device number 21
[  354.146658][  T912] em28xx 4-1:0.132: Registering V4L2 extension
[  354.199895][   T44] usb 4-1: USB disconnect, device number 12
[  354.231590][   T44] em28xx 4-1:0.132: Disconnecting em28xx
[  354.428735][ T9473] mmap: syz.6.1080 (9473) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  354.705644][  T912] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[  354.743831][  T912] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[  354.777195][  T912] em28xx 4-1:0.132: No AC97 audio processor
[  354.865016][ T5869] Bluetooth: hci0: command 0x0406 tx timeout
[  354.880249][  T912] usb 4-1: Decoder not found
[  354.912698][  T912] em28xx 4-1:0.132: failed to create media graph
[  354.936228][  T912] em28xx 4-1:0.132: V4L2 device video103 deregistered
[  354.953903][ T5869] Bluetooth: hci4: command 0x0406 tx timeout
[  354.970596][  T912] em28xx 4-1:0.132: Remote control support is not available for this card.
[  354.980277][   T44] em28xx 4-1:0.132: Closing input extension
[  355.014320][   T44] em28xx 4-1:0.132: Freeing device
[  355.262349][ T9490] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  355.285705][ T9479] loop8: detected capacity change from 0 to 32768
[  355.488910][ T9479] JBD2: Ignoring recovery information on journal
[  355.579166][ T9492] loop3: detected capacity change from 0 to 32768
[  355.592791][ T9492] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1086 (9492)
[  355.657244][ T9492] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  355.667638][ T9492] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  355.677227][ T5869] Bluetooth: hci5: command 0x0406 tx timeout
[  355.683357][ T5869] Bluetooth: hci3: command 0x0c1a tx timeout
[  355.684656][ T5876] Bluetooth: hci2: command 0x0406 tx timeout
[  355.773867][ T9477] loop4: detected capacity change from 0 to 40427
[  355.807471][ T9479] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  355.891954][   T59] (kworker/u8:4,59,1):ocfs2_check_dir_entry:321 ERROR: bad entry in directory #72: rec_len is smaller than minimal - offset=0, inode=72, rec_len=1, name_len=1
[  355.942852][ T9492] BTRFS info (device loop3): allowing degraded mounts
[  355.949896][ T9492] BTRFS info (device loop3): enabling ssd optimizations
[  355.956957][ T9492] BTRFS info (device loop3): enabling free space tree
[  355.963739][ T9492] BTRFS info (device loop3): force zlib compression, level 3
[  356.054820][ T9477] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  356.318946][ T9522] loop7: detected capacity change from 0 to 1024
[  356.378912][ T5863] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  356.670488][ T9477] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  356.702015][ T8207] ocfs2: Unmounting device (7,8) on (node local)
[  356.846062][ T5978] hfsplus: bad catalog file entry
[  356.851223][ T5978] hfsplus: b-tree write err: -5, ino 3
[  357.225217][   T44] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  357.404897][   T44] usb 4-1: Using ep0 maxpacket: 8
[  357.420069][   T44] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  357.458392][   T44] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  357.489616][   T44] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  357.513254][   T44] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  357.550669][   T44] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  357.575715][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.674873][  T912] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  357.745619][ T5876] Bluetooth: hci3: command 0x0c1a tx timeout
[  357.959712][   T44] usb 4-1: GET_CAPABILITIES returned 0
[  357.971513][   T44] usbtmc 4-1:16.0: can't read capabilities
[  357.984847][  T912] usb 6-1: Using ep0 maxpacket: 32
[  357.992785][  T912] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[  358.042576][  T912] usb 6-1: config 0 has no interface number 0
[  358.059935][  T912] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  358.144793][  T912] usb 6-1: config 0 interface 85 has no altsetting 0
[  358.157025][  T912] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  358.161700][ T9534] usbtmc 4-1:16.0: usbtmc488_ioctl_trigger returned -71
[  358.195099][  T912] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.254452][  T912] usb 6-1: Product: syz
[  358.276704][ T5961] usb 4-1: USB disconnect, device number 13
[  358.300886][  T912] usb 6-1: Manufacturer: syz
[  358.336272][  T912] usb 6-1: SerialNumber: syz
[  358.383267][  T912] usb 6-1: config 0 descriptor??
[  358.840718][ T9554] input: syz1 as /devices/virtual/input/input32
[  358.887562][ T9539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  358.934512][ T9539] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  359.210801][  T912] appletouch 6-1:0.85: Geyser mode initialized.
[  359.231965][  T912] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input31
[  359.445114][  T912] usb 6-1: USB disconnect, device number 22
[  359.480839][ T9562] loop4: detected capacity change from 0 to 1024
[  359.555459][ T9562] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  359.637584][ T9562] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  359.723139][  T912] appletouch 6-1:0.85: input: appletouch disconnected
[  360.178086][ T5866] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  360.312512][ T9579] loop6: detected capacity change from 0 to 128
[  360.439362][ T9581] sock: sock_set_timeout: `syz.8.1114' (pid 9581) tries to set negative timeout
[  360.849729][ T9592] batadv_slave_1: entered promiscuous mode
[  360.879724][ T9588] batadv_slave_1: left promiscuous mode
[  361.144912][ T1205] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  361.240640][ T9605] input: syz1 as /devices/virtual/input/input33
[  361.280140][ T9605] input: failed to attach handler leds to device input33, error: -6
[  361.304701][ T5966] IPVS: starting estimator thread 0...
[  361.313683][ T9604] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  361.342977][ T1205] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[  361.358168][ T1205] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  361.425400][ T9610] IPVS: using max 21 ests per chain, 50400 per kthread
[  361.433330][ T1205] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  361.484960][ T1205] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  361.534618][ T1205] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  361.586937][ T1205] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  361.625021][ T1205] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.694035][ T1205] usb 6-1: config 0 descriptor??
[  361.735371][ T9597] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  362.099410][ T9618] loop3: detected capacity change from 0 to 32768
[  362.238574][ T1205] plantronics 0003:047F:FFFF.000F: reserved main item tag 0xd
[  362.329666][ T9618] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  362.329721][ T9618]   allowing incompatible features above 0.0: (unknown version)
[  362.329744][ T9618]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  362.379410][ T9618] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  362.387704][ T9618] bcachefs (loop3): initializing new filesystem
[  362.404171][ T9618] bcachefs (loop3): going read-write
[  362.415432][ T1205] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  362.540311][ T9618] bcachefs (loop3): marking superblocks
[  362.560123][ T9618] bcachefs (loop3): initializing freespace
[  362.574228][ T9618] bcachefs (loop3): done initializing freespace
[  362.583999][ T9618] bcachefs (loop3): reading snapshots table
[  362.590098][ T9618] bcachefs (loop3): reading snapshots done
[  362.639772][ T9618] bcachefs (loop3): done starting filesystem
[  362.667801][ T9633] netlink: 'syz.8.1143': attribute type 2 has an invalid length.
[  362.690241][ T1205] usb 6-1: USB disconnect, device number 23
[  362.760288][ T9636] fido_id[9636]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[  362.931103][ T5863] bcachefs (loop3): shutting down
[  362.944622][ T5863] bcachefs (loop3): going read-only
[  362.955709][ T5863] bcachefs (loop3): finished waiting for writes to stop
[  363.012603][ T5863] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2
[  363.159092][ T9606] loop6: detected capacity change from 0 to 40427
[  363.269342][ T9642] loop8: detected capacity change from 0 to 2048
[  363.318260][ T9606] F2FS-fs (loop6): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  363.361040][ T5863] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  363.408454][ T9649] loop5: detected capacity change from 0 to 512
[  363.441109][ T5863] bcachefs (loop3): clean shutdown complete, journal seq 4
[  363.478876][ T9642] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  363.506959][ T5863] bcachefs (loop3): marking filesystem clean
[  363.529432][ T9649] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  363.635027][ T9649] ext4 filesystem being mounted at /210/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  363.800527][ T9655] EXT4-fs error (device loop5): ext4_ext_check_inode:523: inode #12: comm syz.5.1136: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  363.861863][ T5863] bcachefs (loop3): shutdown complete
[  363.867635][ T9655] EXT4-fs error (device loop5): ext4_ext_check_inode:523: inode #12: comm syz.5.1136: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0)
[  363.992435][ T9606] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  364.104906][ T9606] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  364.154699][ T5862] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  364.174338][ T9606] syz.6.1125: attempt to access beyond end of device
[  364.174338][ T9606] loop6: rw=10241, sector=53248, nr_sectors = 8 limit=40427
[  364.192787][ T5966] IPVS: starting estimator thread 0...
[  364.203742][   T59] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  364.229385][ T9658] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  364.259104][   T59] EXT4-fs (loop8): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 17 with error 28
[  364.272995][   T59] EXT4-fs (loop8): This should not happen!! Data will be lost
[  364.272995][   T59] 
[  364.296380][   T59] EXT4-fs (loop8): Total free blocks count 0
[  364.315610][ T9661] IPVS: using max 20 ests per chain, 48000 per kthread
[  364.332896][   T59] EXT4-fs (loop8): Free/Dirty block details
[  364.374479][   T59] EXT4-fs (loop8): free_blocks=2415919504
[  364.399712][ T7618] syz-executor: attempt to access beyond end of device
[  364.399712][ T7618] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  364.422995][   T59] EXT4-fs (loop8): dirty_blocks=32
[  364.439787][   T59] EXT4-fs (loop8): Block reservation details
[  364.469938][ T7618] CPU: 1 UID: 0 PID: 7618 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  364.469986][ T7618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  364.470010][ T7618] Call Trace:
[  364.470023][ T7618]  <TASK>
[  364.470036][ T7618]  dump_stack_lvl+0x16c/0x1f0
[  364.470096][ T7618]  f2fs_handle_critical_error+0x624/0x9f0
[  364.470151][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.470198][ T7618]  ? f2fs_build_fault_attr+0x53/0x1f0
[  364.470250][ T7618]  f2fs_write_end_io+0x958/0xcf0
[  364.470309][ T7618]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  364.470367][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.470424][ T7618]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  364.470476][ T7618]  bio_endio+0x6bf/0x800
[  364.470538][ T7618]  submit_bio_noacct+0x306/0x1ed0
[  364.470602][ T7618]  __submit_merged_bio+0x33c/0x770
[  364.470661][ T7618]  __submit_merged_write_cond+0x319/0x3f0
[  364.470726][ T7618]  f2fs_write_cache_pages+0x2067/0x2570
[  364.470816][ T7618]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  364.470885][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.470931][ T7618]  ? __lock_acquire+0x62e/0x1ce0
[  364.471003][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.471050][ T7618]  ? __lock_acquire+0x62e/0x1ce0
[  364.471194][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.471241][ T7618]  ? bpf_ksym_find+0x124/0x1c0
[  364.471294][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.471384][ T7618]  f2fs_write_data_pages+0x4ad/0xd90
[  364.471455][ T7618]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  364.471530][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.471587][ T7618]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  364.471655][ T7618]  do_writepages+0x27a/0x600
[  364.471712][ T7618]  ? __pfx_do_writepages+0x10/0x10
[  364.471759][ T7618]  ? do_raw_spin_unlock+0x172/0x230
[  364.471804][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.471848][ T7618]  ? _raw_spin_unlock+0x28/0x50
[  364.471899][ T7618]  filemap_fdatawrite_wbc+0x104/0x160
[  364.471955][ T7618]  __filemap_fdatawrite_range+0xb9/0x100
[  364.472020][ T7618]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  364.472142][ T7618]  ? find_held_lock+0x2b/0x80
[  364.472192][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.472239][ T7618]  ? do_raw_spin_unlock+0x172/0x230
[  364.472282][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.472334][ T7618]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  364.472421][ T7618]  block_operations+0x2b0/0xfe0
[  364.472490][ T7618]  ? __pfx___schedule+0x10/0x10
[  364.472540][ T7618]  ? __pfx_block_operations+0x10/0x10
[  364.472667][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.472713][ T7618]  ? down_write+0x14d/0x200
[  364.472771][ T7618]  ? __pfx_down_write+0x10/0x10
[  364.472830][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.472875][ T7618]  ? rcu_is_watching+0x12/0xc0
[  364.472931][ T7618]  f2fs_write_checkpoint+0x2b8/0x4c60
[  364.472976][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.473022][ T7618]  ? kfree+0x2b4/0x4d0
[  364.473069][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.473117][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.473163][ T7618]  ? rcu_is_watching+0x12/0xc0
[  364.473210][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.473255][ T7618]  ? kthread_stop+0x273/0x630
[  364.473296][ T7618]  kill_f2fs_super+0x3c2/0x470
[  364.473336][ T7618]  ? __pfx_kill_f2fs_super+0x10/0x10
[  364.473370][ T7618]  ? lockdep_hardirqs_on+0x7c/0x110
[  364.473442][ T7618]  deactivate_locked_super+0xc1/0x1a0
[  364.473503][ T7618]  deactivate_super+0xde/0x100
[  364.473563][ T7618]  cleanup_mnt+0x225/0x450
[  364.473633][ T7618]  task_work_run+0x150/0x240
[  364.473679][ T7618]  ? __pfx_task_work_run+0x10/0x10
[  364.473719][ T7618]  ? srso_alias_return_thunk+0x5/0xfbef5
[  364.473768][ T7618]  ? __pfx___x64_sys_umount+0x10/0x10
[  364.473817][ T7618]  exit_to_user_mode_loop+0xeb/0x110
[  364.473860][ T7618]  do_syscall_64+0x3f6/0x4c0
[  364.473919][ T7618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  364.473957][ T7618] RIP: 0033:0x7fc34858ff17
[  364.473986][ T7618] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  364.474025][ T7618] RSP: 002b:00007fff03d6de58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  364.474061][ T7618] RAX: 0000000000000000 RBX: 00007fc348611c05 RCX: 00007fc34858ff17
[  364.474086][ T7618] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff03d6df10
[  364.474110][ T7618] RBP: 00007fff03d6df10 R08: 0000000000000000 R09: 0000000000000000
[  364.474135][ T7618] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff03d6efa0
[  364.474159][ T7618] R13: 00007fc348611c05 R14: 0000000000058ea9 R15: 00007fff03d6efe0
[  364.474210][ T7618]  </TASK>
[  364.474224][ T7618] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  364.481916][   T59] EXT4-fs (loop8): i_reserved_data_blocks=2
[  364.557014][ T9663] tun0: tun_chr_ioctl cmd 1074025675
[  364.613351][ T8207] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  364.879725][ T9663] tun0: persist enabled
[  364.991434][ T9664] tun0: tun_chr_ioctl cmd 1074025675
[  364.999091][ T9664] tun0: persist disabled
[  365.071093][ T9647] loop7: detected capacity change from 0 to 32768
[  365.126071][ T9647] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1135 (9647)
[  365.170391][ T9670] loop8: detected capacity change from 0 to 256
[  365.180767][ T9647] BTRFS info (device loop7): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  365.222790][ T9647] BTRFS info (device loop7): using blake2b (blake2b-256-generic) checksum algorithm
[  365.376726][ T9670] FAT-fs (loop8): Directory bread(block 64) failed
[  365.395225][ T9670] FAT-fs (loop8): Directory bread(block 65) failed
[  365.402100][ T9670] FAT-fs (loop8): Directory bread(block 66) failed
[  365.427109][ T9670] FAT-fs (loop8): Directory bread(block 67) failed
[  365.452371][ T9670] FAT-fs (loop8): Directory bread(block 68) failed
[  365.480954][ T9647] BTRFS info (device loop7): enabling ssd optimizations
[  365.494883][ T9670] FAT-fs (loop8): Directory bread(block 69) failed
[  365.501591][ T9670] FAT-fs (loop8): Directory bread(block 70) failed
[  365.516768][ T9647] BTRFS info (device loop7): enabling free space tree
[  365.523572][ T9647] BTRFS info (device loop7): use zstd compression, level 3
[  365.545036][ T9670] FAT-fs (loop8): Directory bread(block 71) failed
[  365.684369][ T9670] FAT-fs (loop8): Directory bread(block 72) failed
[  365.731202][ T9670] FAT-fs (loop8): Directory bread(block 73) failed
[  366.197607][ T7778] BTRFS info (device loop7): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  366.475370][ T5978] kworker/u8:8: attempt to access beyond end of device
[  366.475370][ T5978] loop8: rw=1, sector=1224, nr_sectors = 12 limit=256
[  366.585190][ T1205] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  366.625951][ T9699] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1146'.
[  366.715139][ T9700] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1146'.
[  366.775149][ T1205] usb 7-1: Using ep0 maxpacket: 16
[  366.835815][ T1205] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  366.894835][ T1205] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  366.926181][ T9703] loop8: detected capacity change from 0 to 1024
[  366.974916][ T1205] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  367.022085][ T1205] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.056408][ T1205] usb 7-1: Product: syz
[  367.060675][ T1205] usb 7-1: Manufacturer: syz
[  367.087943][ T1205] usb 7-1: SerialNumber: syz
[  367.123120][ T9703] Quota error (device loop8): do_check_range: Getting block 64 out of range 1-5
[  367.135417][ T1205] usb 7-1: config 0 descriptor??
[  367.193775][ T9703] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0
[  367.236282][ T9703] EXT4-fs error (device loop8): ext4_acquire_dquot:6935: comm syz.8.1148: Failed to acquire dquot type 0
[  367.257934][ T1205] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  367.314972][ T1205] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[  367.393117][ T9703] EXT4-fs error (device loop8): mb_free_blocks:2014: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[  367.479271][ T9703] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #13: comm syz.8.1148: corrupted inode contents
[  367.573504][ T9703] EXT4-fs error (device loop8): ext4_dirty_inode:6538: inode #13: comm syz.8.1148: mark_inode_dirty error
[  367.601670][ T9703] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #13: comm syz.8.1148: corrupted inode contents
[  367.627235][ T9703] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #13: comm syz.8.1148: mark_inode_dirty error
[  367.647297][ T9703] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #13: comm syz.8.1148: corrupted inode contents
[  367.664954][ T9703] EXT4-fs error (device loop8) in ext4_orphan_del:305: Corrupt filesystem
[  367.679378][ T9703] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #13: comm syz.8.1148: corrupted inode contents
[  367.706403][ T9703] EXT4-fs error (device loop8): ext4_truncate:4666: inode #13: comm syz.8.1148: mark_inode_dirty error
[  367.718345][ T9703] EXT4-fs error (device loop8) in ext4_process_orphan:347: Corrupt filesystem
[  367.766050][ T9703] EXT4-fs (loop8): 1 truncate cleaned up
[  367.774307][ T9703] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  367.798577][ T9692] loop5: detected capacity change from 0 to 32768
[  367.844944][ T1205] em28xx 7-1:0.0: chip ID is em2765
[  367.877478][ T9692] (syz.5.1144,9692,1):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  367.936856][ T9692] (syz.5.1144,9692,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  368.055225][ T1205] em28xx 7-1:0.0: Config register raw data: 0x36
[  368.062680][ T1205] em28xx 7-1:0.0: I2S Audio (5 sample rate(s))
[  368.069910][ T1205] em28xx 7-1:0.0: No AC97 audio processor
[  368.078360][ T9692] JBD2: Ignoring recovery information on journal
[  368.190986][ T9703] EXT4-fs (loop8): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  368.274117][ T9718] EXT4-fs (loop8): warning: mounting fs with errors, running e2fsck is recommended
[  368.341372][ T1205] usb 7-1: USB disconnect, device number 8
[  368.350883][ T9692] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  368.376052][ T9718] Quota error (device loop8): do_check_range: Getting block 64 out of range 1-5
[  368.449546][ T9718] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 0
[  368.530614][ T9718] EXT4-fs error (device loop8): ext4_acquire_dquot:6935: comm syz.8.1148: Failed to acquire dquot type 0
[  368.623050][ T9718] EXT4-fs (loop8): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  368.918277][ T9692] 
[  368.920687][ T9692] ======================================================
[  368.927730][ T9692] WARNING: possible circular locking dependency detected
[  368.934761][ T9692] syzkaller #0 Not tainted
[  368.939189][ T9692] ------------------------------------------------------
[  368.946217][ T9692] syz.5.1144/9692 is trying to acquire lock:
[  368.952202][ T9692] ffff888050261800 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_remove_inode+0x15b/0x8a0
[  368.964762][ T9692] 
[  368.964762][ T9692] but task is already holding lock:
[  368.972130][ T9692] ffff88806dbf42c0 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_wipe_inode+0x2d5/0x1210
[  368.984495][ T9692] 
[  368.984495][ T9692] which lock already depends on the new lock.
[  368.984495][ T9692] 
[  368.994911][ T9692] 
[  368.994911][ T9692] the existing dependency chain (in reverse order) is:
[  369.003931][ T9692] 
[  369.003931][ T9692] -> #3 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}:
[  369.014495][ T9692]        down_write+0x92/0x200
[  369.019323][ T9692]        ocfs2_del_inode_from_orphan+0x112/0x700
[  369.025695][ T9692]        ocfs2_dio_end_io_write+0x2cb/0xf30
[  369.031723][ T9692]        ocfs2_dio_end_io+0x136/0x2c0
[  369.037132][ T9692]        dio_complete+0x224/0x970
[  369.042183][ T9692]        __blockdev_direct_IO+0x3027/0x3c40
[  369.048129][ T9692]        ocfs2_direct_IO+0x263/0x360
[  369.053448][ T9692]        generic_file_direct_write+0x19a/0x410
[  369.059636][ T9692]        __generic_file_write_iter+0x11b/0x240
[  369.065823][ T9692]        ocfs2_file_write_iter+0xbc4/0x21b0
[  369.071787][ T9692]        iter_file_splice_write+0xa24/0x12e0
[  369.077885][ T9692]        direct_splice_actor+0x192/0x6c0
[  369.083560][ T9692]        splice_direct_to_actor+0x345/0xa30
[  369.089510][ T9692]        do_splice_direct+0x174/0x240
[  369.094964][ T9692]        do_sendfile+0xb06/0xe50
[  369.099947][ T9692]        __x64_sys_sendfile64+0x1d8/0x220
[  369.105680][ T9692]        do_syscall_64+0xcd/0x4c0
[  369.110728][ T9692]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.117236][ T9692] 
[  369.117236][ T9692] -> #2 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}:
[  369.126120][ T9692]        down_write+0x92/0x200
[  369.130912][ T9692]        ocfs2_create_local_dquot+0x157/0xb30
[  369.136992][ T9692]        ocfs2_acquire_dquot+0x626/0xb00
[  369.142644][ T9692]        dqget+0x693/0x1180
[  369.147162][ T9692]        __dquot_initialize+0x586/0xd50
[  369.152716][ T9692]        ocfs2_get_init_inode+0xe7/0x1b0
[  369.158359][ T9692]        ocfs2_mknod+0x974/0x2540
[  369.163397][ T9692]        ocfs2_create+0x17c/0x460
[  369.168431][ T9692]        lookup_open.isra.0+0x11d3/0x1580
[  369.174170][ T9692]        path_openat+0x893/0x2cb0
[  369.179194][ T9692]        do_filp_open+0x20b/0x470
[  369.184220][ T9692]        do_sys_openat2+0x11b/0x1d0
[  369.189428][ T9692]        __x64_sys_openat+0x174/0x210
[  369.194813][ T9692]        do_syscall_64+0xcd/0x4c0
[  369.199859][ T9692]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.206275][ T9692] 
[  369.206275][ T9692] -> #1 (&dquot->dq_lock){+.+.}-{4:4}:
[  369.213936][ T9692]        __mutex_lock+0x193/0x1060
[  369.219069][ T9692]        dqget+0x5f1/0x1180
[  369.223581][ T9692]        __dquot_initialize+0x586/0xd50
[  369.229135][ T9692]        ocfs2_get_init_inode+0xe7/0x1b0
[  369.234778][ T9692]        ocfs2_mknod+0x974/0x2540
[  369.239815][ T9692]        ocfs2_create+0x17c/0x460
[  369.244852][ T9692]        lookup_open.isra.0+0x11d3/0x1580
[  369.250594][ T9692]        path_openat+0x893/0x2cb0
[  369.255618][ T9692]        do_filp_open+0x20b/0x470
[  369.260642][ T9692]        do_sys_openat2+0x11b/0x1d0
[  369.265916][ T9692]        __x64_sys_openat+0x174/0x210
[  369.271302][ T9692]        do_syscall_64+0xcd/0x4c0
[  369.276642][ T9692]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.283761][ T9692] 
[  369.283761][ T9692] -> #0 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  369.294388][ T9692]        __lock_acquire+0x12a6/0x1ce0
[  369.299792][ T9692]        lock_acquire+0x179/0x350
[  369.304849][ T9692]        down_write+0x92/0x200
[  369.309640][ T9692]        ocfs2_remove_inode+0x15b/0x8a0
[  369.315199][ T9692]        ocfs2_wipe_inode+0x446/0x1210
[  369.320679][ T9692]        ocfs2_evict_inode+0x6e0/0x1680
[  369.326255][ T9692]        evict+0x3e6/0x920
[  369.330683][ T9692]        iput+0x521/0x880
[  369.335022][ T9692]        ocfs2_dentry_iput+0x139/0x330
[  369.340507][ T9692]        dentry_unlink_inode+0x282/0x480
[  369.346150][ T9692]        __dentry_kill+0x1d0/0x600
[  369.351279][ T9692]        dput.part.0+0x4b1/0x9b0
[  369.356249][ T9692]        dput+0x1f/0x30
[  369.360416][ T9692]        do_renameat2+0x809/0xc50
[  369.365449][ T9692]        __x64_sys_rename+0x7d/0xa0
[  369.370654][ T9692]        do_syscall_64+0xcd/0x4c0
[  369.375702][ T9692]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.382122][ T9692] 
[  369.382122][ T9692] other info that might help us debug this:
[  369.382122][ T9692] 
[  369.392338][ T9692] Chain exists of:
[  369.392338][ T9692]   &ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE] --> &ocfs2_quota_ip_alloc_sem_key --> &ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]
[  369.392338][ T9692] 
[  369.412451][ T9692]  Possible unsafe locking scenario:
[  369.412451][ T9692] 
[  369.419892][ T9692]        CPU0                    CPU1
[  369.425245][ T9692]        ----                    ----
[  369.430600][ T9692]   lock(&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]);
[  369.437890][ T9692]                                lock(&ocfs2_quota_ip_alloc_sem_key);
[  369.446045][ T9692]                                lock(&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]);
[  369.455855][ T9692]   lock(&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]);
[  369.463232][ T9692] 
[  369.463232][ T9692]  *** DEADLOCK ***
[  369.463232][ T9692] 
[  369.471451][ T9692] 6 locks held by syz.5.1144/9692:
[  369.476553][ T9692]  #0: ffff8880400d6428 (sb_writers#27){.+.+}-{0:0}, at: do_renameat2+0x431/0xc50
[  369.485849][ T9692]  #1: ffff8880400d6738 (&type->s_vfs_rename_key#7){+.+.}-{4:4}, at: do_renameat2+0x52a/0xc50
[  369.496207][ T9692]  #2: ffff88804389c2c0 (&type->i_mutex_dir_key#22/1){+.+.}-{4:4}, at: lock_two_directories+0x162/0x2d0
[  369.507430][ T9692]  #3: ffff88804389df40 (&sb->s_type->i_mutex_key#33/5){+.+.}-{4:4}, at: lock_two_directories+0x199/0x2d0
[  369.518828][ T9692]  #4: ffff888033abcbd0 (&osb->nfs_sync_rwlock){.+.+}-{4:4}, at: ocfs2_nfs_sync_lock+0xe4/0x2e0
[  369.529421][ T9692]  #5: ffff88806dbf42c0 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_wipe_inode+0x2d5/0x1210
[  369.542185][ T9692] 
[  369.542185][ T9692] stack backtrace:
[  369.548072][ T9692] CPU: 1 UID: 0 PID: 9692 Comm: syz.5.1144 Not tainted syzkaller #0 PREEMPT(full) 
[  369.548114][ T9692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  369.548136][ T9692] Call Trace:
[  369.548148][ T9692]  <TASK>
[  369.548161][ T9692]  dump_stack_lvl+0x116/0x1f0
[  369.548214][ T9692]  print_circular_bug+0x275/0x350
[  369.548275][ T9692]  check_noncircular+0x14c/0x170
[  369.548337][ T9692]  __lock_acquire+0x12a6/0x1ce0
[  369.548403][ T9692]  lock_acquire+0x179/0x350
[  369.548459][ T9692]  ? ocfs2_remove_inode+0x15b/0x8a0
[  369.548507][ T9692]  ? __pfx___might_resched+0x10/0x10
[  369.548560][ T9692]  down_write+0x92/0x200
[  369.548618][ T9692]  ? ocfs2_remove_inode+0x15b/0x8a0
[  369.548662][ T9692]  ? __pfx_down_write+0x10/0x10
[  369.548715][ T9692]  ? ocfs2_xattr_remove+0x159/0xd10
[  369.548766][ T9692]  ocfs2_remove_inode+0x15b/0x8a0
[  369.548812][ T9692]  ? __pfx_ocfs2_remove_inode+0x10/0x10
[  369.548859][ T9692]  ? __pfx_down_write+0x10/0x10
[  369.548918][ T9692]  ocfs2_wipe_inode+0x446/0x1210
[  369.548971][ T9692]  ? __pfx_ocfs2_wipe_inode+0x10/0x10
[  369.549021][ T9692]  ? srso_alias_return_thunk+0x5/0xfbef5
[  369.549066][ T9692]  ? do_raw_spin_unlock+0x172/0x230
[  369.549106][ T9692]  ? srso_alias_return_thunk+0x5/0xfbef5
[  369.549153][ T9692]  ocfs2_evict_inode+0x6e0/0x1680
[  369.549206][ T9692]  ? __pfx_ocfs2_evict_inode+0x10/0x10
[  369.549254][ T9692]  ? srso_alias_return_thunk+0x5/0xfbef5
[  369.549299][ T9692]  ? srso_alias_return_thunk+0x5/0xfbef5
[  369.549342][ T9692]  ? find_held_lock+0x2b/0x80
[  369.549386][ T9692]  ? srso_alias_return_thunk+0x5/0xfbef5
[  369.549434][ T9692]  ? __pfx_ocfs2_evict_inode+0x10/0x10
[  369.549482][ T9692]  evict+0x3e6/0x920
[  369.549522][ T9692]  ? srso_alias_return_thunk+0x5/0xfbef5
[  369.549567][ T9692]  ? __pfx_evict+0x10/0x10
[  369.549617][ T9692]  ? srso_alias_return_thunk+0x5/0xfbef5
[  369.549667][ T9692]  iput+0x521/0x880
[  369.549707][ T9692]  ? __pfx_ocfs2_drop_inode+0x10/0x10
[  369.549758][ T9692]  ocfs2_dentry_iput+0x139/0x330
[  369.549815][ T9692]  ? __pfx_ocfs2_dentry_iput+0x10/0x10
[  369.549869][ T9692]  ? srso_alias_return_thunk+0x5/0xfbef5
[  369.549916][ T9692]  ? __pfx_ocfs2_dentry_iput+0x10/0x10
[  369.549971][ T9692]  dentry_unlink_inode+0x282/0x480
[  369.550013][ T9692]  __dentry_kill+0x1d0/0x600
[  369.550057][ T9692]  dput.part.0+0x4b1/0x9b0
[  369.550103][ T9692]  dput+0x1f/0x30
[  369.550143][ T9692]  do_renameat2+0x809/0xc50
[  369.550189][ T9692]  ? __pfx_do_renameat2+0x10/0x10
[  369.550225][ T9692]  ? srso_alias_return_thunk+0x5/0xfbef5
[  369.550271][ T9692]  ? find_held_lock+0x2b/0x80
[  369.550313][ T9692]  ? __might_fault+0xe3/0x190
[  369.550373][ T9692]  ? srso_alias_return_thunk+0x5/0xfbef5
[  369.550428][ T9692]  ? srso_alias_return_thunk+0x5/0xfbef5
[  369.550472][ T9692]  ? getname_flags.part.0+0x1c5/0x550
[  369.550524][ T9692]  __x64_sys_rename+0x7d/0xa0
[  369.550563][ T9692]  do_syscall_64+0xcd/0x4c0
[  369.550621][ T9692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.550657][ T9692] RIP: 0033:0x7fef0c38ebe9
[  369.550685][ T9692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.550721][ T9692] RSP: 002b:00007fef0d235038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[  369.550753][ T9692] RAX: ffffffffffffffda RBX: 00007fef0c5b5fa0 RCX: 00007fef0c38ebe9
[  369.550777][ T9692] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000000
[  369.550800][ T9692] RBP: 00007fef0c411e19 R08: 0000000000000000 R09: 0000000000000000
[  369.550821][ T9692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  369.550843][ T9692] R13: 00007fef0c5b6038 R14: 00007fef0c5b5fa0 R15: 00007ffee0aebaa8
[  369.550877][ T9692]  </TASK>
[  369.961288][ T8207] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  370.195789][ T5862] ocfs2: Unmounting device (7,5) on (node local)